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SHAWN POWERS 


Pocket-Sized Penguins 


hen my kids were young, it was diffi- 
cult for me to convince them that 
penguins were birds. Frankly, they 


don’t look much like birds. They don’t exactly sit 
on bird feeders. Heck, they don’t even fly. When 
they are waddling around in the snow, penguins 
look gangly and awkward. It's not until you 
see them in the water that their beauty and ele- 
gance really shines. Although I’m not suggesting 
Linux is awkward, there are some environments 
in which it really shines. Mobile devices are 
one of them. 

This month, we're covering the whole gamut 
of mobile Linux. Alexander Sirotkin shows us 
how to bend Google Android to our will with 
the Java API. Marcel Gagné shows us a bit about 
syncing data from our non-Linux BlackBerry 
handsets with our Linux desktops. Most smart- 
phones lack native Linux software, but thankfully, 
Funambol fills that gap nicely and supports many 
different mobile devices. If you have a smartphone, 
you'll want to check it out. 

One of the frustrations of using mobile Linux 
devices is that the screens (if they have one) are 
really small. David Harding shows us the nuances 
of the Conkeror Web browser on small screens. 
Thankfully, more and more Web sites are being 
designed for the mobile-sized browser, but 
a flexible browser still is a great asset on tiny 
screens. Heck, with Linux, mobile computing 
doesn't even need screens. Federico Lucifredi 
shows us how to hack the Western Digital 
MyBook Il. With a little bit of work, you'll be 
able to take your own Linux server with you 
wherever you go. Throw a couple in your 
backpack, and you could be a mobile cloud! 

| was sure that for the mobile issue, Kyle 
Rankin would tell us about the time he did 
system administration on his server farm from a 
beach somewhere in Mexico with nothing more 
than an SSH prompt on his BlackBerry. | may 
have been wrong with my guess, but Kyle doesn’t 
disappoint this month. He deals with the 
horrible mistake many of us have made: typing 
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a command remotely into the wrong server. As 
someone who accidentally has typed his password 
in an instant message window to someone by 
mistake, I'd advise reading his column. Twice. 

Daniel Bartholomew is back this month to 
show us Kindle 2. The differences between that 
and the new Kindle DX are fairly easy to see 
(basically, it’s huge). But, there are some signifi- 
cant differences between the original Kindle and 
the new regular-sized model too. Daniel com- 
pares the two and explains the pros, cons and 
general interesting things Amazon is offering in 
its Linux-based devices. If music or audio is more 
interesting than reading to you, Dan Sawyer 
tells us all about Indamixx, a recording studio 
you can take with you on the go. There may 
be some inappropriate places to set up your 
mobile studio, but with Indamixx, the problem 
won't be portability. 

Fear not; this month we still have our regular 
lineup of columns to scratch that geeky itch. 
Dave Taylor demonstrates using getopt in shell 
scripts to parse the start flags. Reuven M. Lerner 
shows us how to check our Ruby code with 
metric_fu, and Mick Bauer continues his series 
on building a secure Squid proxy. This issue 
focuses on mobile Linux, but as with every other 
month, we aim to please everyone. 

| suppose Linux Journal itself is a good example 
of mobility. Feel free to take this issue with you 
wherever you go. If you subscribe to the digital 
edition, you might be reading this on a laptop 
right now. My only suggestion would be that 
regardless of which format you are reading, try 
not to get carried away. Penguins might be able 
to “fly” underwater, but unless you have a 
Linux-powered submarine, Linux Journal is best 
enjoyed on dry ground.— 


Shawn Powers is the Associate Editor for Linux Journal. He's also the 
Gadget Guy for LinuxJournal.com, and he has an interesting collection of 
vintage Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty 
ordinary guy and can be reached via e-mail at shawn@linuxjournal.com. 
Or, swing by the #linuxjournal IRC channel on Freenode.net. 
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Eliminate Blank Lines 

Regarding Dave Taylor’s Work the 
Shell column in the March 2009 issue 
of LJ: as you have been using UNIX 
nearly as long as | have, you probably 
already know this. The early UNIX 
spell program used a pipeline very 
similar to the one you develop in your 
column. Its purpose was to get a list 
of unique words from the document, 
sorted and single case. The rest of it 
used comm(1) to compare the document 
word list to a small system dictionary, 
/usr/lib/dict/words. | say small, as it 
had only about 25,000 entries. 


One significant difference between the 
spell pipeline and yours was the handling 
of the tr(1) commands. Like your pipe, 
one tr did upper — lower translation. 
But, the second tr used options you did 
not mention in the article: -c and -s 
(complement and squeeze). Using today’s 
syntax, that it would look like this: 


tr -cs [:lower:] '‘\n' 


By complementing the lowercase class, 
this style ensures that no punctuation, 
white space, digits, control chars and 
so on are missed. All are translated into 
newlines, and where multiple sequential 
newlines result (that is, blank lines), they 
are squeezed out by the -s option. 
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| notice from your uniq -c output 
that blank lines are the second-most 
frequent “word”. 


Dave Taylor replies: Thanks for your 
note, Jon. You're right, using a bit more 
advanced call to tr would eliminate the 
blank lines, punctuation and so on. 
Thanks for the tip! 


Beware On-the-Fly Certs 
Regarding Mick Bauer's “Secure Squid 
Proxy, Part |” in the April 2009 issue: great 
article, Mick! However, | just wanted to 
draw some attention to the information in 
the “Just How Intelligent Is a Web Proxy” 
sidebar. It isn’t necessarily true that 
“contents of HTTPS sessions are, in practi- 
cal terms, completely opaque to the Web 
proxy”. Some proxy software now has 
the ability to initiate a man-in-the-middle 
attack, issuing fake SSL certificates on the 
fly to enable the proxy to impersonate the 
remote server. This enables the proxy to 
inspect the traffic going between the client 
and server. Most browsers will detect this 
on-the-fly cert (generating a warning to 
the user), as it usually doesn’t come from 
a valid Certificate Authority, but some 
companies are using tools, such as Group 
Policy, to push down custom CA settings 
within their organizations to configure the 
browsers to accept the on-the-fly certs as 
genuine (without throwing a warning). 


Ray 


Mick Bauer replies: Sure enough, you 
caught me oversimplifying. Thanks for 
the clarification, Ray! 


Linux on the Desktop? 

As | continue to search the forums for the 
issues | am having with a Linux desktop 
install, it seems that the Linux desktop (for 
me) still ranks as a hobby; Linux lacks a 
desktop that | can use in business. Linux 
has the applications—that’s not the issue, 
desktop stability is. | think Linux on the 
desktop is up and coming, but there are 
still unresolved issues—look at the forums 
and the number of issues that go unre- 
solved. | am not a Windows zealot by any 


means and run a lot of Linux in the server 
environment (where it rocks!), but | have 
yet to have a Linux desktop install that just 
works out of the box. When you install 
Windows, you know what you're getting, 
warts and all, but it does work. It seems 
Linux lacks a level of stability and requires 
a level of experience that | don’t have time 
for. Windows does not seem to have these 
issues and is why | continue to say that 
Windows wins the desktop war. Some will 
ask “what distro are you running, or what 
hardware platform are you installing on?” 
Or, they will say there is something | am 
doing wrong, and there probably is, but all 
| am looking for is usability so | can make a 
living. | will continue to search the forums 
and continue hoping that a stable Linux 
desktop OS emerges. 


Kulmacet 


| sound like a broken record when | keep 
saying this, but again, one of the weak- 
nesses Linux has as a desktop operating 
system Is the diversity we have. Linux can 
(and does) mean so many different things. 
Are you using a popular desktop distribu- 
tion? By that, | mean one tailored for 
desktop use as opposed to server and/or 
corporate use? Distributions like Ubuntu, 
Linux Mint, OpenSUSE and a few others 
have a better track record for desktop 
stability and usefulness. Since you men- 
tion that applications aren’t the problem, 
it makes me scratch my head, because 
stability is usually where Linux ROCKS. 
Feel free to drop me an e-mail with more 
specifics, and I'll see what | can do to help 
(shawn@linuxjournal.com).—Ed. 


Geek-Speak? 

Regarding James Gray’s response to Jim 
Leuba in the April 2009 Letters: you 
may want to omit the political “Climate 
Change” nonsense. While I’m sure you 
eat it up with the spoon Al Gore sold 
you in exchange for carbon credits, the 
rest of us out here in the ether don’t 
want to hear it. Stick to geek-speak and 
keep your audience. 


Seth Miller 


James Gray replies: While the decisions 


regarding how to respond to climate 
change—or not to respond to it—are 
political, the fact that climate change is 
occurring is not. The Theory of Global 
Climate Change is one supported by huge 
amounts of empirical data and enjoys near 
unanimous consensus among climatolo- 
gists. You can read more about it in docu- 
ments published by the Intergovernmental 
Panel on Climate Change (IPCQ), which 
summarizes the findings of climatologists 
around the world (www.ipcc.ch). 


Your reference to Al Gore suggests that 
| am a person who does not analyze 
evidence before making a decision. This 
| do not appreciate. Because you don’t 
know me, you have no idea how | make 
my decisions. However, the scientific 
literature | have read on climate change, 
and not bombastic rhetoric from blowhard 
opinionators, is the basis for my writings 
on the topic. 


Regarding your advice to “stick to the 
geek-speak”, | would argue that |! am 
doing so. In most of the “green” pieces | 
write, | discuss solutions to the challenge 
of reducing energy consumption in 
the data center. Discussions of climate 
change is simply part of the rationale 
that | offer for taking on such challenges. 


Recycling 

| usually enjoy Shawn Powers’ articles, but 
| feel that his editorial was a bit misleading 
[Free to a Good Home: Junk”, in the 
UpFront section of the May 2009 issue]. 
The idea of recycling old computers into 
the hands of those who need them is 
great: “Don’t worry about running out of 
hardware, the local school district likely has 
parts piled in closets in would love for you 
to ‘recycle’.” | work for my local school 
district and had the same thought. 

| quickly received a lot of flack from the 
people at the top and discovered it is 
easier for them to trash computers than 
to give them away. As a result, | started a 
501(c)(3) at reglue.org (Recycled Electronics 
and Gnu/Linux Used for Education). A lot 
of things did and didn't happen. | quickly 
had a lot of CRTs; | didn’t have nearly as 
many working mainboards with RAM to 
couple them with. | also quickly discovered 
that sometimes it’s hard to give stuff away. 


On a lighter note, | know someone who 
has been a lot more successful with 
refurbishing and giving away computers 


than |—Helios from the Helios Project 
(www.heliosinitiative.org/news.php). 
He's also the author of the blog about 
the teacher and the Knoppix CD. 


He and others are working to create a 
nation-wide (originally, just in Austin) Linux 
Against Poverty drive and installfest on 
August 1, 2009 (geekaustin.org/2009/ 
02/01/linux-against-poverty). Maybe 
you'll consider coordinating your own 
Linux Against Poverty installfest. 


As a side note: no one is really interested 
in having a computer without Internet 
access. Community-based mesh net- 
works are a great idea. | think those 
distributing computers might want to 
help others access the Internet—the 
greatest cleft in the Digital Divide 
(wiki.freifunk.net/Kategorie:English 
and freifunk-texas.net). 


D Davis 


Unfortunately, it /s easier to throw stuff 
away. That doesn’t mean the school 
wouldn’t love to give stuff away, just 
that it’s difficult. Unless we break some 
ground and push for some new policies, 
those computers will continue to be 
thrown away instead of put to better 
use. If | misled you into thinking it would 
be easy, | do apologize. Also, as a big 
coincidence, I’m actually writing this 
response on Earth Day. It seems all the 
more important that we do make the 
effort, however difficult, to get the piles 
of usable computers into the hands of 
those who can use them. I’m speaking 
to myself as much as anyone, because 
in my school district, it’s much easier 
to dispose of hardware than to give it 
away. That just has to change. Thanks 
for your comments. Hopefully, with peo- 
ple like us willing to do the grunt work, 
some real change can take place.—Ed. 


Cool Projects Issue 

| just wanted to send a quick note of 
thanks for the May 2009 issue. The 
hardware articles were thoroughly 
enjoyable and just the right technical 
level. | enjoyed the articles on the ama- 
teur rocket and underwater vehicle in 
particular, and am eagerly awaiting the 
land-based RC Linux mobile to complete 
the Earth/Air/Sea trilogy. 


Kwan Lowe 
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Me too! I’d go one further and antici- 
pate the interstellar Linux probe, but 
that might be a while yet. Thanks for 
the kind comments. It’s nice to hear 
we're bringing you material that is 
enjoyable and useful.—Ed. 


When Disaster Strikes, Don’t 
Forget the Freezer! 

Kyle Rankin had a great article in the 
March 2009 issue: “When Disaster 
Strikes: Hard Drive Crashes”. Good stuff 
there, and “Linux Hacks” has saved my 
backside more than once. 


It has been my observation that most of 
my drive failures, particularly in laptops, 
involve heat. By cooling the drive, it is 
sometimes possible to pull an image— 
often an error-free image—before the 
unit fails entirely. If a drive won't run long 
enough to pull an image, sometimes it is 
possible to extract important files quickly. 


| wrap them in anti-stat plastic and 
freeze them for a couple hours. Once 
out of the freezer, | leave them wrapped 
to avoid condensation, sandwich with 
gel-pacs, connect directly to a host 
machine, or via USB to SATA/PATA 
adapter, and pull an image as quickly as 
possible. Rinse and repeat as necessary. 
I'm about 70% with this technique. 
Your mileage may vary. Great article 
and great magazine. Keep it up. 


Kyle Rankin replies: Ah, the famous 
freezer trick! | admit | have used that 
one myself a few times, although I’ve 
always wondered how much of it was 
science and how much was voodoo. 
Either way, when one’s data is at stake, 
| think most people are willing to try 
anything that works (just look out for 
condensation on the drives if you live in 
a humid environment). 


Bad Guys 

Whoever wrote the May 2009 “They 
Said It” column in UpFront saw fit to 
include quotes by Marx and Lenin. Why 
go half-baked? Allow me to submit a 
few more choice quotes for the next 
issue, in chronological order: 


“Western intellectuals that profess 
admiration for Communism are 
suspect....They are objective traitors to 
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their class and to their interests, and 
must be treated as such....After their 
final victory in Western Europe and 
America, revolutionary forces will elim- 
inate all bourgeois traitors. ”—Lenin 


“Death solves all problems—no man, 
no problem.”—Joseph Stalin 


“The only good bourgeois is a dead 
bourgeois.” —Pol Pot 


| could go on, but | think you are 
starting to see my point. 


Marx and Lenin are responsible for 
some of the most horrible dictator- 
ships in history. And those are the 
people you chose to quote. Kudos. 
What elegance, what taste! Truly, you 
outdid yourself. 


| am extremely disappointed in you 
and your journal. | have been reading 
LJ since 2000, and in all these 
years, this is the first time you 
display such an utter contempt for 
decency and history. 


| expect you to apologize in the next 
issue, and I'd very much like not be 
subjected to repeat offenses. 


Francis Kohl 


Mitch Frazier replies: Francis, I’m 
responsible for those quotes. Sorry 
to have offended you, but | have 
to disagree with your apparent 
arguments that a bad guy can 
never have said anything useful 
and that all bad guys should just 
be erased from history. 


Video Request 

was watching the video on 
LinuxJournal.com about the various 
programs for screencasting, but 
didn't see a reference to Wink. 
t is fairly decent. 


also was wondering if you could do 
a video tutorial on how to get the 
sound from both the microphone and 
Rhythmbox to be recorded with some 
of the other screencast programs? | 
enjoy your mag; keep it up. 


Josh McClanahan 


Ha! | thought Wink was Windows 
only. Either it added Linux support 
since | last looked at it, or (more 
likely) | just never realized it. Thanks 
for the tip! As far as diverting 
audio, | can look into the process, 
but | generally use an external 
hardware mixer, so I'd be guessing 
and poking too.—Ed. 


PHOTO OF THE MONTH 


Have a photo you'd like to share with LJ readers? Send your submission to 
publisher@linuxjournal.com. If we run yours in the magazine, we'll send you a free T-shirt. 


Peter Wilson reading up on open-source code. Submitted by Tiffany Wilson. 
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MikroTik powered Hotspots around the world 


MikroTik RouterOS powered hotspots are everywhere. From Internet cafes in desert towns of Africa, 
to futuristic airport lounges in the US and five star hotels in the Mediterranean. Mikrotik can power 
your systems too. Free evaluation installations are available in our download section. 
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WHAT’S NEW IN KERNEL DEVELOPMENT 


Geert Uytterhoeven has replaced the old, 
dead CVS repository for the m68k Linux 
port with a shiny new git repository, and 
added a make install build target, as 
well as various other code fixes. 

Steven Rostedt has updated ftrace 
to let users turn kernel tracepoints on 
and off simply by setting values in files 
in the /debug directory. 

Jaswinder Singh Rajput has added 
some performance-counting features to 
AMD K7 and later processors. A range of 
data can be tracked, including processor 
cycles, number of executed instructions, 
page faults and context switches. The 
patches seem likely to go into the kernel 
soon. Ingo Molnar has given his endorse- 
ment and offered some bug reports to 
which Jaswinder responded quickly. 

Matthew Wilcox has done a major 
rewrite of the MSI HOWTO. The Message 
Signaled Interrupts (MSI) HOWTO had not 
been updated significantly since 2004. It 
provides a mechanism for triggering inter- 
rupts on PCI devices, entirely in software. 
Previously, PCI devices needed to have a 
physical pin corresponding to the desired 
interrupt. MSI is much more flexible, and 
proper documentation will be quite useful. 
Grant Gundler and Michael Ellerman 
offered their own technical feedback to the 
HOWTO, and Randy Dunlap and Sitsofe 
Wheeler helped polish up the language. 

Cheng Renquan has enhanced the 
KBuild system, so that when viewing 
help for any given compilation option, the 
currently selected build choice is visible at 


the same time. He also made various less 
user-visible changes, and Randy Dunlap 
has signed off. 

Alex Chiang has submitted a bunch 
of PCI patches, including code to create 
/sys/ous/pci/rescan, a user-controlled file that 
can force a rescan of all PCI buses on the 
system. He added several other files to the 
/sys/ directory to give greater and greater 
PCI contro! to the user. 

It's nice to remove features that no one 
uses. For one thing, it can simplify kernel 
code greatly. H. Peter Anvin wanted to 
remove the zimage build target recently 
and asked if anyone was still using it. As it 
turns out, Woody Suwalkski noted that 
ARM still used zimage. H. Peter probably 
will remove it from the x86 tree and leave 
ARM alone. 

Bartlomiej Zolnierkiewicz has 
expunged the IDE floppy and tape 
drivers from the kernel and the 
MAINTAINERS file and listed them in the 
CREDITS file instead. He thanked Gadi 
Oxman and Paul Bristow for all the work 
they did in the early days on those drivers. 

Michael Kerrisk has removed his name 
as the official maintainer of the kernel 
man pages. The Linux Foundation fund- 
ing has run out, and a supplemental round 
of Google funding also has run out, so 
now he'll have to focus on other things. He 
still plans to support the project as best he 
can, but he cautions that the man pages 
likely will be orphaned soon, if no further 
funding or willing maintainer steps forward. 

—ZACK BROWN 
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USER FRIENDLY by J.D. “Illiad" Frazer 
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Don’t you wish there was a knob on 
the TV to turn up the intelligence? 
There’s one marked “Brightness”, but 
it doesn’t work. 

—Gallagher 


Nobody in the game of football 
should be called a genius.A genius 
is somebody like Norman Einstein. 
—Joe Theismann 


Downgrade rights are hugely impor- 
tant for Windows 7.Will Microsoft 
offer downgrades [from Windows 7] 
to XP? They’ve not answered that 
question yet. But it’s really important. 
—Michael Silver, Garter analyst 


One day soon the Gillette company 
will announce the development of a 
razor that, thanks to a computer 
microchip, can actually travel ahead in 
time and shave beard hairs that don’t 
even exist yet. 

—Dave Barry 


Once a new technology rolls over 
you, if you’re not part of the steam- 
roller, you’re part of the road. 
—Stewart Brand 


The Internet today is an open platform 
where the demand for Web sites and 
services dictates success. You've got bar- 
riers to entry that are low and equal for 
all comers. And it’s because the Internet 
is a neutral platform that | can put on 
this podcast and transmit it over the 
Internet without having to go through 
some corporate media middleman. | can 
say what | want without censorship. | 
don’t have to pay a special charge. But 
the big telephone and cable companies 
want to change the Internet as we know 
it. They say they want to create high- 
speed lanes on the Internet and strike 
exclusive contractual arrangements 
with Internet content-providers for 
access to those high-speed lanes. Those 
of us who can’t pony up the cash for 
these high-speed connections will be 
relegated to the slow lanes....We can’t 
have a situation in which the corporate 
duopoly dictates the future of the 
Internet and that’s why I’m supporting 
what is called Net Neutrality. 
—President Barack Obama 


July 2009 


. Percent of US homes that don’t have Internet 
access: 29 


. Percent of US homes that think the Internet is 
useless: 12.7 


. Highest average number of spams per user in a 
single day in 2008 (April 23) at Google: 194 


. Approximate number of spams per second that 
can be attributed to the McColo ISP (recently shut 
down): 33 


. Approximate number of spammers responsible 
for 80% of Internet spam: 200 


. Rank of US in list of “10 Worst Spam Origin 
Countries”: 1 


. Rank of China in list of “10 Worst Spam Origin 
Countries”: 2 


. Rank of Russian Federation in list of “10 Worst 
Spam Origin Countries”: 3 


. Rank of United Kingdom in list of “10 Worst Spam 
Origin Countries”: 4 


. Rank of South Korea in list of “10 Worst Spam 
Origin Countries”: 5 


. Approximate cost per megabyte of RAM in 1957: 
$411,041,792 


. Approximate cost per megabyte of RAM in 2008: 
$0.021 


. Billions of dollars of legal music downloads in 
2008: 3.7 


. Percent increase in legal music downloads from 
2007 to 2008: 25 


. Downloaded music sales as a percent of total 
music sales: 20 


. Percent of total music downloads that were not 
“legal”: 95 


. Average “step-on-it” factor used during software 
estimation phase: 2.5 


. Average number of weeks left to complete a 
software project: 2 


. US National Debt as of 04/05/09, 1:29:32pm CDT: 
$11,135,460,534,223.90 


. Change in the debt since last month’s column: 
$185,190,792,300 


Sources: 7, 2: Park Associates | 3: Google Message 
Security Data Centers | 4: Spamcorp | 5-10: Spamhaus 
11, 12: www.jemit.com/memoryprice.htm 

13-16: IFPI | 17, 18: Common knowledge 

19. www.brillig.com/debt_clock | 20: Math 
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NON-LINUX FOSS 


=== lronPython is an implementa- 
tion of Python that runs on the 
.NET framework as well as on 
Mono. The current version of 
IronPython is compatible with 
Python 2.5, and an alpha 
release of a Python 2.6-com- 
“===: patible version also is available. 
_= =  lronPython is written entirely in 
‘ C#, and the current version is 
==» built on top of the Dynamic 
Language Runtime (DLR). 
IronPython Studio (from ironpythonstudio.codeplex.com) IronPython features an 
interactive console that does 
full dynamic compilation of Python code to .NET. It provides full access to 
all .NET libraries while maintaining compatibility with the Python language. 

There also is a Visual Studio plugin called IronPython Studio that supports 
the creation of Python-based GUI applications. In addition to IronPython, there 
are “Iron” versions of Ruby and Scheme (LISP). If you like Python but crave 
static typing, check out BOO for .NET/Mono. 

IronPython is licensed under the terms of the “Microsoft Public License”, 
which was approved by the Open Source Initiative (OSI) in October 2007. The 
license allows redistribution of compiled code for either commercial or noncom- 
mercial use (similar to a BSD license). For this reason, although it is recognized 
as a “free” software license by the Free Software Foundation, it is considered 
incompatible with the GPL. And, if getting too close to Microsoft makes you 
nervous, be aware that the IronPython Project is hosted on a Microsoft-controlled 
site: codeplex.com.—MITCH FRAZIER 


Netbooks—Dying or Evolving? 


I'm just as guilty as everyone else that jumped on the Netbook bandwagon when 
it started with the 7" Eee PC. After a few weeks, the limitations of such tiny 
notebooks become fairly clear. The Netbook market has evolved to the point that 
it's almost laughable. What are the latest features of that market? Bigger screens! 
Ten- to twelve-inch screens are becoming the new rage in the “Netbook” world. 

Um, we had 12" screens before. We called them notebooks. I’m not sure if 
the Netbook fascination is wearing off or if low-power laptops are just going to 
become the norm. Because “low power” is becoming a misnomer as the CPU 
speeds creep up on ultra-portables, | think the term Netbook might just die away. 

Another option is that something like Android, Moblin or Ubuntu Netbook 
Remix will standardize the tiny-screen laptop market, and it will become more 
like a souped-up cell phone as opposed to a stripped-down notebook. One 
thing seems clear, the days of a 7-9" screen running a customized and minimal 
Linux distribution are fading away into history. Is the Netbook a dying fad or 
still an infant going through growing pains? Sadly, | think that depends on 
how hardware manufacturers choose to push their upcoming models. 

| certainly don’t have the ability to see the future, but | hope the future of 
Netbooks doesn’t continue along the path of adopting Microsoft Windows. 
Low-powered hardware just begs to have the Linux kernel running on it. If the 
interface could be something standard that ran familiar applications, we might 
have a chance to retake the entire Netbook market. Only time will tell, and only 
hardware manufacturers can pick the standard._sHAWN POWERS 
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bc—When Integers Aren’t Enough 


Most people have the need to do some kind of math when they are 
using a computer. In shell scripts, you can make integer calculations by 
using functionality in the shell itself. But what if that’s not enough? 
Luckily, the POSIX standard includes a very useful command-line utility 
called bc. With this, you can do arbitrary precision arithmetic. Actually, it 
is a complete, C-like language that can do some pretty sophisticated 
programming, supporting variables and functions. 

In bc, numbers are all represented internally as a decimal number. 
They have a length, which is the total number of digits, and a scale, 
which is the number of decimal spaces. You can find these values by 
using the built-in functions length() and scale(). For example, the number 
10.23 would have a length of 4 and a scale of 2. The variable scale 
holds the number of decimal places to keep when internal functions are 
executed. The default value is 0. bc supports all number bases from 
2-16, with base-10 being the default. The input and output base of 
numbers can be set by using the variables ibase and obase. All of the 
basic mathematical operations are supported in bc. You can multiply, 
divide, add, subtract, do mod and exponentiation. There are all of the 
standard comparison operations too. Less than, less than or equal to, 
greater than, greater than or equal to, equal to and not equal to all give 
results of O for false and 1 for true. This is very useful in the conditional 
statements available in bc. 

bc can be used in shell scripts or on the command line as a very 
effective calculator. It will read from a list of files given on the command 
line or read from standard input. On the command line, expressions 
simply can be echoed through a pipe to bc: 


echo: “Ii |, ‘be 


The above will give the answer of 2. As a more complex example, 
the sine of 5 can be assigned to a shell variable with the following: 


RESULT="echo s(5) | be -1° 


The -| command-line option tells bc to load the math library, 
giving access to the trigonometric functions. 

As a bit of a contrived example, say there are two values and you 
need to find out which one has a larger sine. With the math library and 
the built-in comparison operations, you can do this with the following: 


echo "s(5) < s(10)" | be -1 


The result 1 is printed out on standard output, verifying that the 
sine of 5 is less than the sine of 10. bc can print out a text string telling 
the user whether the result is true or false with the following: 


echo 'if (s(5) < s(10)) print "true\n" else print "false\n"' | be -1 


This prints out the word true. If this string is to be stored in a vari- 
able, the newline characters would be removed from the executable 
line. This value then can be used later in a shell script by saving it to a 
shell variable. 

What if you have a data file of input values and you want to apply 
some function to them? Say you need to calculate the logarithm base- 
10 of each value and dump it into another file. The following example 
takes a list of the first ten numbers, calculates the logarithm base-10 
of each number and writes the value into the file output. Ist: 
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LTst="0 123 45 67 8 9" 

for INPUT in $LIST 

do 

echo "L($INPUT)/1(10)" | bce -1 >>output.1st 
done 


These examples already have done some useful work, but 
what if the requirements are more robust? Does this necessitate 
a move to a heavyweight math program, like Mathematica or 
Maple? Not necessarily. With bc, you can create and use functions 
to make more complicated calculations. Even recursive functions 
can be written, like in this example to calculate a factorial: 


define f (x) < 
if (x <= 1) return (1); 
return (f(x-1) * x); 
} 
print "Factorial:"; 
print f(factorial); print "\n"; 


factorial = read(); 
quit 


This can be dumped into a file called fact.bc and run through be 
to get the factorial of some number by executing: 


bc fact.bc 

This script asks the user for a number and then finds the 
factorial. It can be used without interaction simply by feeding 
the number in to standard input with a pipe: 
echo 10 | be fact.bc 

This prints out the factorial of 10 (3628800) to standard output. 


But, how fast can such a program be? For a variety of values run on 
a generic laptop, the following times were measured: 


10 0.004s 
100 0.004s 
1000 0.028s 
10000 3.099s 


These times were averaged over three runs to account for 
varying system load. It seems more than fast enough to be useful 
for a lot of heavy work. 

For a more scientific example, the following bc script finds how 
long it takes for an object to fall from a series of heights: 


define t(h) { 
g = 9.81; 
return (sqrti(2 * h # €)); 


Now there is no excuse for abandoning a shell script simply 
because it can’t handle some mathematical problem. With bc, you 
can do a lot of really useful work straight from the command line. 
Go forth and enumerate. 

—JOEY BERNARD 


STOP BURNING CDS; BURN 
USB DRIVES INSTEAD 


It seems that every week there's a new version of some Linux distribution available. 

| don’t know about you, but | have enough burned “last version” CDs to build a 

very reflective fort in the backyard. I'm also really bad about labeling CDs when | 
burn them, so | 


5 ONetboonn a3) end up burning 
: : ae a : the same CD 
Distribution | == Select Distribution == ¢ || == Select Version == s over and over. 


Thankfully, there 
is help for people 


Welcome to UNetbootin, the Universal Netboot Installer. Usage: 


1. Select a distribution and version to download from the list above, or manually like me— 
specify files to load below. . 
2. Select an installation type, and press OK to begin installing. Unetbootin. 
| did a video 


tutorial on this 
a while back, 


® DiskImage |ISO =) | /home/geza/kubuntu-kde4-8.04-desktop-i386.iso } lel 


Custom Kermel: peely ze tloppy fue lisa] but the gist of 
disk image, or CD pam egeces 
Initrd: image (ISO) file to lacs Unetbootin is 
load — that you create 
Options: Pa 
— a bootable USB 
Type: |USB Drive S Drive: [Idevisde' ai | OK | Cancel drive instead 


of burning an 
installer CD. The 
application automatically will download the latest CD image, or you can create a 
bootable USB drive from an already-downloaded ISO file. Unetbootin even works 
in Windows, so if you’re stuck with only a Windows machine, you can create a 
bootable USB drive to install our favorite operating system. 

The great thing is that USB drives are easily rewritable. Most modern systems 
will boot from them without issue. The only downside is that it's harder to build 
forts out of USB drives. So, unless you really want to build that highly reflective 
fort, I'd suggest checking out Unetbootin. 

Unetbootin video tutorial: www.linuxjournal.com/video/ 
creating-bootable-usb-install-drives-unetbootin. 

—SHAWN POWERS 
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Mobile LinuxJournal.com 


After reading all about mobile Linux this month, I’m guessing you might be 
in the mood to take your Linux Journal mobile too. If you haven't visited our 
mobile version at m.linuxjournal.com, you missed the chance to catch all 
the content you find on LinuxJournal.com formatted to fit your mobile 
device. Even if you have visited us on your mobile device, you may have 
missed the link to our mobile videos. Scroll down to the bottom of the 
screen, and you'll see a link to our videos on YouTube mobile, which 
provides our videos in 3gp format for your mobile device. Just think, now 
you can whip out Shawn Powers’ tech tips any time and almost anywhere! 
Happy viewing! 

—KATHERINE DRUCKMAN 
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EFI-xX: When 
Dual Boot 
Isn't Enough 


| recently was contacted by the folks 
selling the EFI-X. It’s a small USB 
device that allows EFl-booting operat- 
ing systems to boot on traditional 
BlOS-based machines. The big selling 
point for such a device is that it allows 
native booting of Apple OS X on 
off-the-shelf PC hardware. | couldn't 
get any specifics as to why a Linux 
user would benefit from such hardware, 
but at the same time, | guess it's useful 
to know Linux is fully compatible with 
EFl-booting technology. 

So although the $240 it takes to 
buy an EFI-X module won't really 
benefit your Linux install very much, 
if you want to install OS X on your 
trusty Linux machine, you now can 
do so. It most likely violates EULA 
terms with Apple to install on 
non-Apple hardware, but it doesn’t 
require a hacked and pirated version 
of OS X to install. | bought an EFI-x, 
and OS X installed from the retail 
DVD right next to my Linux install. 
It takes a separate drive for each 
operating system, but | now have a 
triple-booting quad-core computer 
that cost less than $800. If you 
don’t want to buy Apple hardware, 
but would like to dual- (or triple-) 
boot your system, check it out: 
www.expresshd.com. 

—SHAWN POWERS 
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REUVEN M. LERNER 


Checking Your Ruby 
Code with metric_fu 


By combining automated testing with automated code analysis, you can 
make your Ruby code easier to test and easier to maintain. 


Among programmers, there has long been a dispute 
between those who want a language to constrain 
them and those who want great flexibility. 

If you have been programming for a while, you'll 
understand the benefits that each side touts. A rigid 
language can help check your code, often using a 
compiler and a strict type system, to find potential 
problems before they make their way into produc- 
tion systems. By contrast, a more flexible language 
is designed with the knowledge that compiler 
and strict typing don’t find all bugs and often 
force programmers to work around the system’s 
constraints, rather than benefit from them. 

This brief description is little more than a carica- 
ture of modern programmer attitudes. But, it does 
point to a tension programmers often face when 
choosing a language. How much do you want the 
language to constrain you, and what trade-offs are 
you willing to make? Would you rather have a strict 
language that doesn’t let you express yourself the 
way you want or a flexible language that won't stop 
you from doing something foolish or dangerous? 


Done correctly, testing actually can be 
better than a compiler and strict typing. 


Like many Web developers, | have come to 
prefer dynamic, flexible languages. | don't want 
the language to stop me preemptively from doing 
things, even if what I’m doing might seem crazy or 
weird. I’ve become quite a fan of Ruby over the last 
few years because of the balance it tries to strike. 

However, the lack of a compiler or other tool 
to perform regular sanity checks does bother me 
somewhat. | wouldn't ever claim that a compiler is 
the only tool a programmer should use to test the 
code, but it does perform a first-pass inspection 
that can provide some useful feedback. 

Fortunately, the Ruby community encourages the 
use of regular automated testing to ensure that 
code works in the way you expect. Done correctly, 
testing actually can be better than a compiler and 
strict typing. It can check the code at multiple levels, 
reflect actual use cases and serve as a sanity check 
not only for the code’s syntax, but also for its logic 
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and specification. Moreover, writing tests forces 
programmers to reflect on their work, chewing over 
how they have implemented a particular feature. 
Such reflection is an essential part of the learning 
process, and it offers programmers a chance to 
become better at their craft, as well as to write 
better programs. 

Automated testing, accompanied by automated 
analysis, thus, can help improve programmers, as 
well as improve the programs they write. So, | was 
delighted to discover metric_fu, a Ruby gem from 
Jake Scruggs and others that pulls together some 
of the best-known analysis tools in one convenient 
package for Rails programmers. The combination of 
these various tools—including rcov, Flay and Flog— 
makes it easy to locate potential problems in code 
you've written and improve it. Automated analysis 
tools won't ever provide you with 100%-accurate 
feedback, but it's always good to get this sort 
of input. 

This month, | look at metric_fu and some of 
the code-analysis tools it makes available to Rails 
programmers. It's true that metric_fu is “just” a 
wrapper for these individual tools, but by making 
them so easily available and integrated with the 
rest of your testing, you'll constantly be in a 
position to understand where potential problems 
might lie and to fix issues before they cause you 
any real trouble. 


Installing metric_fu 
metric_fu is a Ruby gem, which means you can 
download and install it with: 


sudo gem install metric_fu 


The metric_fu gem specification automatically 
requires a number of other gems that it uses, 
including rcov and Flog. So installing the metric_fu 
gem should mean your system is ready, without the 
need for additional downloads and installations. 

Assuming you are using metric_fu with Rails, 
you probably will want to tell Rails that it should 
look for and include the metric_fu gem. You can 
do this in modern versions of Rails by adding the 
following line to config/environment.rb: 


config.gem 'jscruggs-metric_fu', :version => '0.9.0', 
‘lib => 'metric_fu', :source => 'http://gems.github.com' 


In other words, you want Rails to load the gem 
known as metric_fu, which can be downloaded 
from Github as jscruggs-metric_fu, version 0.9.0. If 
this gem does not exist, Rails will exit with an error. 

Finally, you must add a line to your Rails applica- 
tion's Rakefile, telling it you want to load the Rake 
tasks associated with metric_fu: 


require 'metric_fu' 


Once this is complete, you should find a number 
of new tasks, all of whose names start with metric, 
available in Rake. You can list them with: 


rake -T | grep metrics 


| typically run all the tests, which you can 
invoke with: 


rake metrics:all 


This runs all of the software metric_fu works 
with, a list that has grown somewhat in the 
last year. At the time of this writing, running 
metrics:all includes: 


@ churn: which files change the most? 

H coverage: which parts of your code are tested? 
@ flay: which parts of your code are duplicated? 
® flog: is your code unnecessarily complex? 


@ reek: does your code suffer from well-known 
bad practices? 


@ saikuro: how complex is your code? 


| cover a number of these tests in greater detail 
below. But, before continuing, it’s important to note 
that metrics:al1 will fail to run all the tests if the 
rcov coverage tool encounters one or more errors. This 
isn't a problem if you test frequently, but it can bite 
you if you break a test and then run metrics:all. 

When you run the full report with rake 
metrics:all, metric_fu puts all the output files 
under your application's tmp/metric_fu directory. 
Each test has its own separate subdirectory and 
produces output in HTML for easy reading with 
a Web browser. The fact that the files are put in 
tmp/metric_fu makes them easy to find and view 
on a local system, but it requires that you move 
them into a Web-accessible directory (for example, 


public/tmp/metric_fu) if you want to view them 
from a remote machine. It should go without 
saying that you don't want this information to 
appear on a Web site that is publicly viewable, 
so be sure to password-protect or delete these 
reports to avoid unpleasantness. 

Although metric_fu's defaults work for 
most initial cases, you may find yourself wanting 
to customize one or more of its tests. You can 
do this within your Rakefile by adding a 
MetricFu::Configuration block and invoking config.*, 
where * is one of the tests that metric_fu brings 
in. For example, you can customize which tests 
run for :all with: 


MetricFu::Configuration.run do |config| 
config.metrics = [:coverage, :flog] 
end 


If you modify config.metrics to include only a 
subset of metric_fu's tests, you may find yourself 
puzzled when other tests fail. For example, if you 
were to set config.metrics to the above value of 
[:coverage, :flog], invoking rake metrics:reek 
would fail, with Rake complaining that it wasn’t 
able to find such a task. 


Code Coverage 

Perhaps the best-known member of the metric_fu 
family is rcov, the Ruby code-coverage checker, 
written by Mauricio Fernandez. rcov invokes all 
your automated tests and then produces a report 
indicating which lines of your source code files 
were untouched by those tests. This allows you to 
see precisely which lines of each file have been 
tested, letting you concentrate on those paths that 
are highlighted in red (that is, untested), rather 
than writing additional tests for code that already 
has been tested. 

rcov, as invoked by metric_fu, produces two 
basic types of HTML output. One provides an 
overview of the pages of a site. This output, with 
red and green bar graphs, shows the percentage of 
each file that has been secured. If any of your files 
has a graph whose bar is partly red, this tells you 
on which files to concentrate your initial effort. 

But, once you have decided to make sure that a 
particular file has better test coverage, which lines do 
you improve? That’s where rcov's individual file out- 
put comes in handy. It shows the source code of the 
file, with lines of the code in either green (to show 
that it was covered in tests) or red (to show that it 
was not). If you have any red lines, the idea is for you 
to add tests that force those lines to be covered next 
time around. And, of course, if there are red lines 
that don’t need to be there, rcov has helped you 
refactor your code, making it leaner and meaner. 
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Reading rcov's output is pretty simple—you want 
everything to be green, rather than red. Any red is an 
invitation to write more tests or realize that the code 
is no longer in use and can be removed. 

One of the main reasons for testing your code is 
that it gives you some peace of mind when you make 
further changes. So, although you can refactor and 
otherwise change your code without 100% test cov- 
erage, it's always possible something will slip through 
the cracks. For that reason, rcov should be your first 
priority when using metric_fu. Once your code cover- 
age is high enough to ensure that new problems and 
changes will be detected, you can try to make your 
code better, without changing what it does. 


Flog 

Another tool that comes with metric_fu is Flog, writ- 
ten by Ryan Davis. Flog produces what it calls a “pain 
report”, identifying code that it believes to be “tor- 
tured”—in such pain that you really should rescue it. 
Even if you disagree with some of its results, looking 
at Flog’s output often can provide an interesting per- 
spective on your code’s complexity. It measures variable 
assignments, code branches (that is, if-then and 
case-when statements) and calls to other code, 
assigning a score to each of those. The total Flog score 
is the sum of the individual items that Flog finds. 

As the Flog home page says, “the higher the 
score, the harder it is to test”. Even if you're not 
worried about testing, you certainly should consider 
other programmers who might work on your project. 
Complex code is hard to maintain, and maintaining 
software is (in my view) a bigger problem than 
writing it. So, by looking at Flog’s output, you 
can get a sense of how hard your code will be 
for someone else to understand. 


Flog produces what it calls a “pain 
report’, identifying code that it believes 
to be “tortured”"—in such pain that you 


really should rescue it. 


metric_fu provides an HTML version of Flog’s 
output. | demonstrate it here from the command 
line, where it can be run as: 


flog *.rb 
This produces a simple set of outputs, such as the 
following, which | got for a small project | recently 


worked on and didn’t test or analyze much: 


181.0: flog total 
60.3: flog/method average 
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72.5: UploadController#advertiser_file_action 
70.1: UploadController#whitepage_listing_file_action 


This would seem to indicate that my upload 
controller has two different methods, both of which 
have a relatively high level of complexity. | can get 
further information about these two methods by 
invoking Flog with the --details command-line 
argument. That gives me the following output, 
which | have truncated somewhat: 


~/Consulting/Modiinfo/modiinfo/app/controllers$ flog --details 
upload_controller.rb 

181.0: flog total 

60.3: flog/method average 


UploadController#advertiser_file_action 
assignment 

branch 

S splat 

: blank? 

: strip 

> params 

+ 

map 

f] 


: downcase 
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In other words, a large proportion of Flog’s high 
score results from the large number of variable assign- 
ments in UploadController#advertiser_file_action. And 
sure enough, | have a bunch of variable assignments in 
that method, which led to a high score. For example, | 
wanted to display the number of uploaded records 
to the end user, and, thus, had the following code, 
assigning values to instance variables: 


if advertiser.save 
@number_of_successes = @number_of_successes + 1 
else 
@number_of_failures = @number_of_failures + 1 
@error_messages[index] = advertiser.errors 
next 
end 


| find this code easy to read and maintain, but 
Flog thinks otherwise, preferring a more functional 
style of programming, with methods chained together. 
This is one case in which I'll take Flog’s assertions 
and scores into consideration, but I'll apply my own 
judgment regarding the complexity of my code and 
whether it needs to be changed or updated. 


Flay 
One of my favorite tools that comes with metric_fu 
is Flay, also by Ryan Davis, which looks for duplicate 


code. One of the key principles of good coding is 
DRY (don't repeat yourself), and Flay makes it easy 
to find places where your code could use some extra 
DRY-ness. By running: 


rake metrics: flay 


you will get a nicely formatted report showing 
the places where your code has exact duplicates 
(which are embarrassing and problematic 
enough) and structural duplicates. So, if you 
have the same variable assignment in multiple 
controllers, Flay will find those for you and will 
point to the need for refactoring. For example, 
the simple project on which | hadn't yet run Flay 
had three methods, each of which contained the 
following identical code: 


if params[: filename] .blank? 
flash[:notice] = 'No file was attached. Please try again.’ 
redirect_to :back 
return 

end 


If this sort of code appears three times in the 
same controller, it means some refactoring is in 
order. In this particular case, | can remove the problem 
by putting this code into a separate method and 
then by defining a before_filter: 


before filter :check_for_blank_filename, 

:only => [:residence_file_action, 

tadvertiser_file_action, 
:whitepage_ Listing _file_action] 


Here is the method, which looks (not surprisingly) 
just like the code that was duplicated: 


def check_for_blank_filename 

if params[: filename] .blank? 
flash[:notice] = 'No file was attached. Please try again.' 
redirect_to :back 
return 

end 

end 


Re-running Flay indicates that | now have made 
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my code DRY-er than before, increasing its readability 
and making it easier to test. Sure enough, the Flay 
score for this controller dropped from 392 to 221. 
The measures are meaningful only relative to one 
another, but it seems undeniable that the code is 
now better, and the numbers reflect that. 

Flay can find subtler similarities as well, indicating 
where two pieces of code look similar to one another. 
For example, | had the following two lines in my 
code, in separate locations: 


(name, telephone, address, url, email, category string) = 
line.split("\t").map { |f| f.strip } 


(company, telephone, address, url, email, category_string) = 
line.split("\t").map{ |f| f.strip} 


Flay noted that this code is almost identical and 
can be refactored to be a bit DRY-er. Would | actually 
change this code? Maybe and maybe not, but at 
least I'm more fully aware of it, which is important 
in and of itself. If and when | spend time refactoring 
this code, Flay will point to the first and most 
necessary areas that need attention. 


Reek 
Finally, | should mention Reek, a tool written 
by Kevin Rutherford, which also is invoked by 
metric_fu. Reek looks for “code smell” or code 
that doesn’t follow commonly accepted style. This 
includes finding code duplication (similar to what 
Flay does), as well as long methods and poorly 
named variables. It also tries to find cases in which 
a method sends more messages to another object 
than to itself, which it calls feature envy, and 
methods that contain more than five lines of 
code, which are flagged as long. 

For example, regarding code | mentioned above, 
which read: 


(company, telephone, address, url, email, category_string) = 
line.split("\t").map{ |f| f.strip} 


Flay noticed that this code was duplicated. But 
beyond that, a one-letter variable name is almost 
always a bad idea, because it reduces the readability 
of the code. Sure enough, Reek will flag this code 
as having an “uncommunicative name” for the 
variable f. 

Even if I’m not totally sold on “Reek-driven 
development”, as Rutherford describes on the Reek 
home page, Reek is a useful way to find potential 
problems and provide additional feedback on the 
program that I’m writing. 


Conclusion 
Because of its dynamism and flexibility, Ruby offers 
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programmers the chance to do things that might 
lead to maintainability problems down the road. 
Fortunately, the Ruby community has produced a 
set of excellent tools for automated testing and 
analysis that make it possible to produce high- 
quality code that is easy for others to follow, test 
and maintain. metric_fu puts many of these tools 
into a single package, making it easy to run a 
variety of tests on your code.m™ 


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) 
to their home in Modi’in, Israel, after four years in the Chicago area. 


Resources 


The Ruby language comes with all modern 
Linux distributions, but it can be downloaded 
from www.ruby-lang.org. The Ruby on 
Rails framework for Web development is at 
www.rubyonrails.com. 


Like many modern Ruby gems, metric_fu is 
hosted at Github, a commercial git hosting 
service that offers free accounts to open-source 
projects. You can download metric_fu from 
github.com/jscruggs/metric_fu/tree/master. 


And, you can download rcov from github.com/ 
spicycode/rcov/tree/master, and Flay, Flog and 
Reek from github.com/seattlerb/flay/tree/ 
master, github.com/seattlerb/flog/tree/ 
master and wiki.github.com/kevinrutherford/ 
reek, respectively. 


Two excellent essays on the nature of program- 
ming languages, and depending on type systems 
and the compiler, are Steve Yegge’s blog entry 
about the return of dynamic languages 
(steve-yegge.blogspot.com/2008/05/ 
dynamic-languages-strike-back.html) and 
Bruce Eckel’s essay on the use of testing instead 
of strong typing to ensure good code 
(www.mindview.net/WebLog/log-0025). 


Donald Schon's excellent book, The Reflective 
Practitioner, describes different ways professionals 
can and should reflect upon their work while they 
are engaged in it. Although Schon does not 
mention programmers per se, what he says is 
very appropriate for programming work and 
has convinced me why automated testing and 
analysis tools are so valuable. 
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MARCEL GAGNE 


Linux, Thunderbird and 
the BlackBerry—a Love 


Story 


Keeping various devices in sync with our Linux systems can be the source 
of nightmares for many. After all, asking for an open-source solution that 
can keep millions of smartphones, cell phones, e-mail clients, contact 
databases and calendars on the same planet, never mind the same page, 
seems akin to asking for the moon—to which Chez Marcel would like to 
ask, “Would you like a nice rich Merlot with that moon?” 


Excuse me, Francois, but what are you doing? Are 
you sending text messages while you should be 
getting ready for the restaurant to open? You aren't? 
Well, if you aren’t texting, what are you doing 
hunched over that cell phone? Quo/? You are typing 
into three cell phones? My apologies, mon ami, but 
now | really have no idea what you are doing. Ah, 

| see, you're trying to update your contact list and 
calendars, and you can’t think of a way to do that 
with your Linux system. But, three phones? One is 
your BlackBerry, and the other two phones belong 
to your aunt and your mother. Sigh...tech support 
for the family on restaurant time, Francois? What 
am | going to do with you? Put those phones 
down, and I'll show you a better way to synchronize 
all those contacts. Quickly! | can see our guests 
arriving even now. 

Good evening, everyone, and welcome to Chez 
Marcel, where excellent Linux and open-source 
software finds its match with exquisite wines. 
Please, sit and make yourselves comfortable, mes 
amis. Francois was just getting ready to make his 
way to the cellar to get tonight's wine. Hurry, mon 
ami, and bring back the 2005 Vina Requingua 
Puerto Viejo Merlot from Chile that we were 
sampling, er, submitting to quality control earlier 
today. Vite, mon ami! 

While we wait for his return, let me tell you 
about Francois’ dilemma. He has multiple portable 
devices, including a BlackBerry, an Android phone 
and a Motorola RAZR, all of which he wants to 
synchronize with Evolution on his Linux notebook. 
On the store workstation, he uses Thunderbird 
instead, and at home, something else. Getting 
those contact lists, calendars and so on synchro- 
nized is easier than it sounds, and it all can be 
done with Linux and open-source software. 
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All this is possible, and easy, with a great little 
package from a company called Funambol. The 
software itself also is called Funambol, and it is 
freely distributed and open source. Essentially, it’s 
a program that lets you perform over-the-air (also 
known as OTA) synchronization of your contacts, 
calendars and so on, using your cell phone or 
smartphone, desktop contact management software 
(Evolution, Thunderbird, Outlook and so forth) and 
other hardware. Part of the magic behind all of it 
is SyncML (Synchronization Markup Language), 
which also is known as Open Mobile Alliance 
Data Synchronization (OMA DS). SyncML is an 
open standard for synchronizing information, 
such as calendars and contacts, that is platform- 
independent. Several mobile phone manufacturers, 
such as Motorola, Nokia and Sony Ericsson, 
already include SyncML in their devices. SyncML 
also supports e-mail, which is handy for those 
needing (or just plain wanting) an alternative to 
proprietary products, like the BlackBerry. 

Funambol consists of a server component and a 
client for your device or application. Start by getting 
your copy of Funambol server from funambol.org, 
and save it somewhere on your system. The package 
file, with a .bin extension, needs to be made executable 
before you execute it: 


chmod +x funambol-7.1.bin 
./funambol-7.1.bin 


The whole thing takes only a few seconds. The 
steps that follow are extremely simple. Type yes at 
the “agree to the above terms” prompt (it’s the GPL 
version 3). You'll be prompted for an installation 
directory which, by default, is /opt. It’s best to 
accept the default unless you have a very good 
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reason to do otherwise. The resulting folder will be 
/opt/Funambol. Once the product has been extracted, 
you'll be asked whether you want to start the 
server. Type yes and continue on. To make sure 
things are working properly, point your browser to 
http://localhost:8080/funambol/ds, and you should 
get status information back from the Funambol 
data synchronization server (Figure 1). 
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Figure 1. A Quick Test to Make Sure the Server Is Up 
and Running 


Of course, if you aren’t running this test directly 
on the server, you'll want to change localhost to the 
hostname or IP address of the server. 

Funambol also comes with a simple Web 
app to test the contact as well as calendar cre- 
ation and update before you turn it over to 
your mobile device. Point your browser to 
http://localhost:8080/funambol to bring up the 
demo page. You won't be able to do a great 
deal at this point, other than read the terms and 
conditions and test a very limited Web client. That 
demonstration will allow you to log in as guest with 
a password of guest and create contacts (Figure 2) 
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Figure 2. The Web client demo lets you create calendars 
and contacts, making it a better test. 
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or a calendar entry. Once you have done so, update 
a record or two, and make sure the changes are 
being saved. 

Now that you know it works, you still can’t do a 
great deal with Funambol in this form. In order to 
do more interesting things, you need to do a little 
system configuration. On the server side, there is a 
graphical administration tool. You can start it from 
the command line like this: 


cd /opt/Funambol 
admin/bin/funamboladmin 


A couple seconds later, you'll see the Funambol 
administration tool appear (Figure 3). To use the 
administration tool, you first need to log in. If you 
don’t see the login window up front, click File on 
the menu bar, and select Login. By default, the 
admin password, sa, already is set (you always can 
change it later), but for now, simply click Login. 


Figure 3. Funambol Administration Tool and Login Screen 


The Funambol administration tool is divided into 
three panes: a navigator pane fills the top left half, 
an admin tool pane is at the top right, and a status 
pane is located along the bottom (Figure 4). Take a 
look at the navigator window, and you will see your 
system's domain name at the top. To expand the 


Figure 4. On the left, you can see the Funambol administration 
tool's system navigator with several expanded properties. 
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Figure 5. Using the Tool to Change the Admin Password 


system tree, click the switch icon next to the domain 
name. You'll then see Server Settings (which expands 
into its own subtree), Users, Devices, Principals and 
Modules. That last one also expands into several 
other branches. To see how this all works and how 
you can configure and change things, let's deal with 
that admin password right now. 

Double-click on Users and look at the admin 
tool window (Figure 5). The Search Users tool 
appears. You can search by user name, first name, 
last name and e-mail address. Enter admin in the 
search box beside Username, and click the Search 
button (notice that you can search by a part of the 
name as well as position of the text by clicking the 
drop-down box beside the label). Only one admin 
name should show up, so it naturally will be high- 
lighted. If you did this by searching for part of a 
name, and you had multiple names, you would, of 
course, need to select the correct name. 

Click the Edit button, change the password, and 
then save your changes. That takes care of control- 
ling access to the tool. Your next step is to define 
access to the system. As it stands, your Funambol 
implementation allows connections only from localhost 
and then only to a limited set of users. You need to 
change that. Double-click on Server Settings in the 
navigator window. Now, look to the left and locate 
the Server URI field in the settings window (Figure 6). 

Enter the hostname (or the IP address) of your 
server, then click Save. You should see a confirmation 
message in the status window below. It should look 
something like this: 


http: //yourdomain.com:8080/funambol/ds 


Believe it or not, that’s pretty much it on the 
server end. Now, let's take a break, have Francois 
refill everyone's glass, and then let’s see what we 
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Server Settings 


Configure 


Configure 


Figure 6. As a final first step, you need to configure the URI 
to the Funambol service on your server. 


need to do on the BlackBerry end of things. 

The first step is to install the BlackBerry client, which 
you can find at https://www.forge.funambol.org/ 
download/downloads-bb.html. You will see an 
e-mail client in addition to the sync client, but, for 
the sake of this article, let’s just concentrate on the 
sync client. Make sure you get the right client for 
your particular BlackBerry OS version. 


N a (Inthis article, | concentrate on 
ote m BlackBerry synchronization with 
a Linux system, but remember that Funambol offers 
sync clients for many different mobile devices 
and smartphones. Simply point your browser to 
www.forge.funambol.org/download to find 
the right client for your mobile device. You even 
can sync your Android phone. 


Once installed, you will see the Funambol 
BlackBerry sync icon in your list of applications on 
the BlackBerry screen (Figure 7). 
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This is all wonderful, because the 


Funambol server effectively is keeping 
an over-the-air backup of your data— 


handy if you ever need to reload it. 


Click the icon, and you should see a status 
screen showing Contacts, Calendar, Tasks and 
Notes, all with Not Synchronized below the labels. 
To perform a sync, you need to configure the client. 
Press the menu key on your BlackBerry, and select 
Settings (Figure 8). 
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Figure 8. Press the menu key to configure the client settings. 


When the Funambol client configuration screen 
appears (Figure 9), enter the URI for your machine's 
Funambol server. This is the same address that you 
entered when you configured the server. You also 
must enter your user name and password—that's 
your Linux server user name and password. A little 
farther down that screen, there are check boxes 
beside labels to Sync Contacts, Sync Calendar, Sync 
Tasks and Sync Notes. These are all checked by 
default, but you may decide you don’t want to sync 
all those resources, so change it here if you like. You 
also can configure a scheduled sync and have the 
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Figure 9. Funambol BlackBerry Client’s Configuration Screen 
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client update your information every 30 minutes 
(the default) or whatever period makes sense to 
you. That feature is not turned on unless you 
specify otherwise. 

When you're done, save your settings (on my 
BlackBerry, | just press the trackball or the back 
arrow). You'll find yourself back at the status screen, 
and now you're ready to synchronize for the first 
time. Press the menu key, and select Sync All from 
the menu. The Funambol client will connect with 
your server and start transferring the information on 
your BlackBerry. Underneath the labels for Contacts 
(and Calendar and so on), the client will show how 
many records are being transferred. Once complete, 
the status screen lists the last successful sync for 
each resource (Figure 10). 
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Figure 10. During synchronization, the status screen shows 
you the number of records transferred. Once complete, you 
can see the latest sync at a glance. 


This is all wonderful, because the Funambol 
server effectively is keeping an over-the-air backup 
of your data—handy if you ever need to reload it. 
But, what if you use another client on your Linux 
desktop for e-mail, contacts and appointments, 
such as Evolution or Thunderbird? Funambol 
provides download clients for these and others 
as well. Figure 11 shows a screenshot of a pretty 
desolate-looking address book in Thunderbird. 


Figure 11. My Thunderbird Address Book, without Any Contacts 
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the Add-ons window appears, click the Install 
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stored the file, then click on it and install it. Once 
finished, Thunderbird needs to restart to load the 
new extension. After Thunderbird restarts, you 
must configure the Funambol client to connect to 
your server. Click Tools from the menu bar, and 
select Funambol plugin. When the Funambol PIM 
Plugin window appears, click the Options button, 
and you'll see a screen that, although shinier 
than the one on the BlackBerry, is similar as it 
asks for the same information, namely the server 
URL, user name and password (Figure 12). Enter 
the information, then click Close. 

That’s it. To synchronize Thunderbird with the 
contacts from my BlackBerry, all | do is click the 
Synchronize button and wait while my contacts 
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are transferred (Figure 13). How long this 

takes depends, of course, on how much informa- 
tion is being synchronized and how fast your 
connection Is. 

In this way, | can keep my desktop client in 
sync with my BlackBerry and the server itself. 
As an added bonus, | get over-the-air backup 
with my own server without having to shell 
out the dollars for a BES server. Funambol, 
Linux and my BlackBerry—it’s a match made in 
open-source heaven. 

With the help of Funambol, a great open- 
source application, you (and Francois), can keep 
all that personal information in sync without 
having to resort to entering the information 
manually or paying huge sums of money for a 
special server running proprietary code. Well, 
mes amis, the time is finally upon us. That old 
clock on the wall says closing time has arrived 
yet again. Francois will be happy to refill your 
glasses a final time while we say our goodbyes 
to one another. Please, mes amis, raise your 
glasses, and let us all drink to one another's 
health. A votre santé! Bon appétit!= 


Marcel Gagné is an award-winning writer living in Waterloo, Ontario. He is the 
author of the Moving to Linux series of books from Addison-Wesley. Marcel is also 
a pilot, a past Top-40 disc jockey, writes science fiction and fantasy, and folds a 
mean Origami T-Rex. He can be reached via e-mail at marcel@marcelgagne.com. 
You can discover lots of other things (including great Wine links) from his Web 
sites at marcelgagne.com and cookingwithlinux.com. 
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Parsing Command-Line 
Options with getopt 


Make your shell scripts more flexible and more command-line-friendly 
by accepting command-line arguments/flags. 


I've talked before about how | am a lazy shell 
script programmer. It might be because |’m simply 
not a full-time professional software developer, and 
| don’t even administer my own servers anymore—| 
outsource the job to Wisconsin. 

Regardless of how much | program nowadays 
though, | still find myself needing simple little 
applications—tiny programs that do one simple 
task well. 

And, then there are the throwaway scripts 
that stick around, ultimately becoming a mainstay 
of one's toolkit, spreading out to cover multiple 
functions and mysteriously growing to 100 lines 
or more. 

| have one of those in my toolkit, a script that 
originally was intended simply to figure out the 
dimensions of a graphic file and produce the proper 
height and width attributes for an HTML image tag. 

Now the script scale.sh has grown to 133 lines 
and does a variety of different, albeit related tasks. 
No surprise, it’s also grown to have a variety of 
command-line arguments, as shown here: 


$ ./scale.sh 


Usage: scale {args} factor [file or files] 
-a use URL values for APparenting.com site 
-b add 1px solid black border around image 
-i use URL values for intuitive.com/blog site 


k KW add keywords KW to the ALT tags 
af use ‘align=right’ instead of <center> 
-s produces succinct dimensional tags only 


A factor 0.9 for 90% scaling, 0.75 for 75%, or max width in pixels. 
A factor of '1' produces 100% 


Crack open the code, and you'll see my dirty 
little scripting secret—a very sloppy approach to 
parsing command-line options: 


if [ "$1" = "-a" ] ; then 
baseurl="www.apparenting.com/Images/"; 
fa 


shift 


| did warn you that | was a lazy programmer, 
right? This is a pretty classic way to parse and 
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process command-line arguments, actually. Check 
the value of $1, and if it's a known flag, change a 
default variable or two, then use the shift command 
to move $2 — $1, $3 — $2 and so on, effectively 
deleting the processed flag from the command- 
line args. 

The problem is, when you have more than one 
or two flags, this really doesn't work. | step through 
the command flags alphabetically in my scriot—for 
example, invoking the script as scale -r -a will 
fail. It'll process the -r flag but never see the -a and 
generate an error condition. 

Fortunately, there’s a very nice Linux command 
called getopt that lets you parse through your 
command flags in a far more sophisticated manner. 


getopt In Shell Scripts 
The getopt command first requires that you let it 
rearrange how your command flags are organized, 
then you use the set command to update all 
the positional variables. After that, you can 
step through the positional variables with a 
case statement. 

The first step is: 


args=getopt FLAGS $** 
set -- $args 


where FLAGS should be the individual letters of 
known and accepted command flags. If a flag has 
an argument that goes with it (like -s 30), append 
a colon to it. 

For my script, it looks like this: 


args=getopt abik:rs $*° 
set -- $args 


To see what happens, I’ve added a bonus echo 
statement. Here’s the result: 


$ scale -abs -k fdsf 100 *png 
args = -a -b -s -k fdsf -- 100 blooeeh.png 

As you can see, getopt separates out each and 
every command flag and adds a -- flag that indi- 
cates when the command flags end—simple, really! 


Now that the args have been restructured, parsing is 
relatively easy, though it looks pretty complicated (warning, 
I've stripped out a few clauses for simplicity): 


for i; do 
case "$i" in 
-a_) baseurl="www.apparenting.com/Images/" 
shift 34 
-k ) keywords="_ ($2)" 
shift ; shift 
-S ) verbose=0 
shirt. 33 
-- ) shift; break ;; 
esac 
done 


Let's read this backward. At the -- option, the loop will 
exit due to the break. Until that’s hit, the for loop will just 
keep iterating, stepping through all the flags specified. This 
is how the order of the flags becomes irrelevant. 

Each time a flag is matched, the desired action is taken, 
variables are set and so on, then the shift command shows up 
again to move all the command flags down one (for example, 
$2 to $1, $3 to $2 and so on). 

Shell script case statement matching lines are all in the 
form of: 


regex ) actions 


The double semicolon is an oddity, but that’s how you indicate 
the end of an individual case match, hence the notation 
shown above. 

Grabbing the argument for the -k flag is easy too, because 
getopt has made sure that it's a separate argument, and 
since we're using shift as we go along to move things 
around, $2 will always be the argument itself. 

Finally, also notice that as a stylistic approach, | have the 
double semicolon with a leading space. That’s just so when 
| eyeball the script, | quickly can recognize if there are any 
cases that are missing the double semicolon. 

The only piece missing is some error handling, because 
right now, if a bad flag is encountered, here’s what happens: 


$ scale -ax 100 *png 
getopt: illegal option -- x 


Nice, but the script doesn’t catch the error condition or 
stop running—not so good. 

To fix it, immediately after the call to getopt, simply test 
the return code: 


if | $7? '= 0 ] = then ... 


In the conditional, you probably would put a usage statement 
and an exit command. For my script, | actually also test 
to ensure that there are a minimum of two arguments on 
the command line as well, because the script is never valid 


without them: 


if [ $? != 0 -o $# -1t 2] ; then 
echo. *" 
echo "Usage: scale {args} factor [file or files]" 
echo ** 


. stuff skipped ... 


exit 0 
Tl 


At this point in our shell script writing journey, | certainly 
hope you can read that rather cryptic conditional statement 
and understand what it does. 

Ultimately, it's a bit of work to parse command-line flags 
the right way, but it makes for a far more flexible and robust 
shell script.— 


Dave Taylor has been involved with UNIX since he first logged in to the on-line network in 1980. That 
means that, yes, he’s coming up to the 30-year mark now. You can find him just about everywhere 
on-line, but start here: www.DavelaylorOnline.com. 
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Building a Secure Squid 
Web Proxy, Part III 


Tighten the controls on your Squid Web proxy. 


We've been building a secure Squid Web Proxy the 
past few months, and we'll continue to do so for a 
couple more. Last time [May 2009], we got Squid 
installed, running and restricted to serve only local 
clients (based on their IP addresses). This month, we 
delve deeper into Squid’s Access Control List (ACL) 
capabilities and other built-in security features. 


ACL Review 

As you may recall from my last column, all we 
had to do to get Squid running on a standard 
Ubuntu 8.04 system was add two lines to the 
file /etc/squid/squid.conf: 


acl mick_network src 10.0.2.0/24 
http_access allow mick_network 


We inserted those two lines, which allow outbound 
proxy connections from clients whose IP addresses 
fall within the network 10.0.2.0/24 (that is, addresses 
10.0.2.1 through 10.0.2.254), right above Squid’s 
default “deny all” ACL, which looks like this: 


http_access deny all 


You can correctly infer from this that, by default, 
Squid denies proxy connections from all clients. This is 
a refreshing change in default server application con- 
figurations during the past few years. Whereas in the 
past, many applications had default configurations 
that would “just work”, which is a very user-friendly 
but also excessively open stance, nowadays few net- 
work applications will do much of anything without 
some administrative intervention. This is only sensible. 
Connecting things to the Internet that you don’t even 
know how to configure is the way of pain. 

Getting back to our example ACL, the acl state- 
ment itself is fairly self-explanatory: acl tells Squid 
we're defining an ACL; mick_network is its name; 
src indicates it matches the client’s source IP 
address or network address; and 10.0.2.0/24 is 
the network address in CIDR notation that will 
match this ACL. 

This is the simplest type of ACL and still one of the 
most useful. In February 2002, if the New York Times 
had had a simple source-IP/network ACL correctly 
configured on its Internet-facing corporate Web 
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proxies, the rogue hacker Adrian Lamos couldn't have 
gained access quite so easily to its editorial-page 
contributor database or its Lexus-Nexus portal. 


ACLs in More Depth 

Besides clients’ (source) IP addresses, Squid also can 
match a great deal of other proxy transaction char- 
acteristics. Note that some of these deal with arcane 
HTTP headers and parameters, many of which are 
minimally useful for most Squid users anyhow. 

I've presented the full range of possible ACL 
types to give you a taste for how rich Squid’s 
ACL functionality is. Needless to say, however, 
| can’t cover usage scenarios for (or even ade- 
quately explain) all of these. ViServe's “Squid 2.6 
Configuration Manual” (see Resources) gives 
complete syntax and usage examples for all. 

Many, if not most, Squid installations don’t go 
much beyond a few src ACLs, along with perhaps a 
few simple dstdomain blacklist entries thrown in for 
good measure. Many of the other most useful ACL 
types, such as myip, time, port, proto, method, 
dst_mime_type and rep_mime_type, should be 
reasonably self-explanatory (or at least easy 
enough to understand from the examples shown 
in squid.conf's comments). 

One category of less-intuitive ACL types is par- 
ticularly powerful and useful: the ones that enable 
Squid to authenticate client users via external 
authentication authorities. Before we tackle 
authentication, however, we should give a little 
more attention to ACL operators, the tags that 
perform some action (most commonly, to allow 
or deny a request) based on a matched ACL. 

By far, the most important ACL operator is 
http_access, which specifies whether Squid should 
allow the transaction matching the specified ACL to 
proceed. Going back to the example ACL/operator 
pair from the beginning of this section, after we 
defined the ACL mick_network as all transactions 
involving client/source IP addresses within 
10.0.2.0/24, we operated on it with this line: 


http_access allow mick_network 


This is simple enough to understand: “allow HTTP 
requests matching the ACL named mick_network.” 


Table 1. Complete List of ACL Types Supported in Squid 2.6 


ACL Type Description 


src Client (transaction source) IP address or network address. 

dst Server (transaction destination) IP address or network address. 

myip Local IP address on which Squid is listening for connections. 

arp Client's Ethernet (MAC) address (matches local LAN clients only). 

srcdomain Client's domain name as determined by reverse DNS lookup. 

dstdomain Domain portion of URL requested by client. 

srcdom_regex Regular expression matching client's domain name. 

dstdom_regex Regular expression matching domain in requested URL. 

time Period of time in which transaction falls. 

url_regex Regular expression matching entire requested URL (not just domain). 
urlpath_regex Regular expression matching path portion of requested URL. 

urllogin Regular expression matching requested URL's “login” field. 

port Requested site's (destination) TCP port. 

myport Local TCP port on which Squid is listening for connections. 

proto Application-layer protocol of request (HTTP, HTTPS, FTP, WHOIS or GOPHER). 
method Request’s HTTP method (GET, POST or CONNECT). 

browser atches the client's browser, per HTTP “User-Agent” header. 

referer_regex Regular expression matching the unreliable HTTP “Referer” header (that is, the supposed URL of some page on which the user 


clicked a link to the requested site). 


ident atches specified user name(s) of user(s) running client browser, per an “ident” lookup. Note that ident replies, which often can be 
spoofed, should not be used in lieu of proper authentication. 


ident_regex Regular expression defining which client user names to match per ident lookup. 

src_as atches client IP addresses associated with the specified Autonomous System (AS) number, usually an ISP or other large IP registrant. 
dst_as atches destination-server IP addresses associated with the specified AS number. 

proxy_auth atches the specified user name, list of user names or the wild card REQUIRED (which signifies any valid user name). 
proxy_auth_regex Regular expression defining which user names to match. 

snmp_community For SNMP-enabled Squid proxies, matches client-provided SNMP community string. 

maxconn atches when client's IP address has established more than the specified number of HTTP connections. 


max_user_ip 


o 


ches the number of IP addresses from which a single user attempts to log in. 


req_mime_type 


o 


ches a regular expression describing the MIME type of the client’s request (not the server's response). 


req_header 


o 


ches a regular expression applied to all known request headers (browser, referer and mime-type) in the client's request. 


rep_mime_type 


o 


ches a regular expression describing the MIME type of the server's response. 


rep_header atches a regular expression applied to all known request headers (browser, referer and mime-type) in the server's response. 
external Performs an external ACL lookup by querying the specified helper class defined in the external_acl_type tag. 

urlgroup atches a urlgroup name, as defined in redirector setups. 

user_cert atches specified attribute (DN, C, O, CN, L or ST) and values against client's SSL certificate. 

ca_cert atches specified attribute (DN, C, O, CN, L or ST) and values against client certificate’s issuing Certificate Authority certificate. 
ext_user atches specified user name(s) against that returned by an external ACL/authentication helper (configured elsewhere in squid.conf). 


ext_user_regex 


oO 


ches a regular expression describing user names to be matched against that returned by an external ACL/authentication helper. 
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The most common use of ACLs is to specify a 
list of ACLs and http_access statements, ending (as 
we've seen) with a “drop by default” line, like this: 


http_access deny all 


This has the effect of creating a “whitelist”— a 
list of types of transactions that are allowed, with all 
others being denied. 

Squid recognizes a number of additional ACL 
operators besides http_allow, including no_cache, 
ident_lookup_access, always_direct, never_direct and 
snmp_access. Because most of these concern cache 
performance, HTTP redirects and communications 
with other Squid servers rather than security per se, 
I'll leave it to you to explore those (or not) as your 
particular needs dictate. The Squid User’s Guide 
referenced in the Resources section is a good source 
of information about Squid's various ACL operators. 


Squid Authentication 
As | mentioned previously, one of Squid’s most 
handy capabilities is its ability to authenticate proxy 
users by means of a variety of external helper 
mechanisms. One of the simplest and probably 
most commonly used helper applications is 
ncsa_auth, a simple user name/password scheme 
that uses a flat file consisting of rows of user 
name/password hash pairs. The HOWTO by Vivek 
Gite and, to a lesser extent, the Squid User’s Guide, 
explain how to set this up (see Resources). 

Briefly, you'll add something like this to 
/etc/squid/squid.conf: 


auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squidpasswd 
auth_param basic children 5 

auth_param basic realm Squid proxy-caching web server at Wiremonkeys.org 
auth_param basic credentialsttl 2 hours 


auth_param basic casesensitive off 
And, in the ACL section: 


acl ncsa_auth_users proxy_auth REQUIRED 
http_access allow ncsa_auth_users 


The block of auth_param tags specifies settings 
fora “basic” authentication mechanism: 


@ program is the helper executable ncsa_auth, 
using the file /etc/squid/squidpassd as the user 
name/password hash list (created previously). 


@ children, the number of concurrent authentica- 
tion processes, is five. 


H realm, part of the string that greets users, is “Squid 
proxy-caching Web server at Wiremonkeys.org”. 
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@ credentialsttl, the time after authentication 
that a successfully authenticated client may go 
before being re-authenticated, is two hours. 


M casesensitive, which determines whether user 
names are case-sensitive, is off. 


In the ACL section, we defined an ACL called 
ncsa_auth_users that says the proxy_auth mechanism 
(as defined in the auth_param section) should be 
used to authenticate specified users. Actually in this 
case, instead of a list of user names to authenticate, 
we've got the wild card REQUIRED, which expands 
to “all valid users”. The net effect of this ACL and 
its subsequent http_access statement is that only 
successfully authenticated users may use the proxy. 

The main advantages of the NCSA mechanism are 
its simplicity and its reasonable amount of security (only 
password hashes are transmitted, not passwords prop- 
er). Its disadvantage is scalability, because it requires 
you to maintain a dedicated user name/password list. 
Besides the administrative overhead in this, it adds 
yet another user name/password pair your users are 
expected to remember and protect, which is always 
an exercise with diminishing returns (the greater the 
number of credentials users have, the less likely they'll 
avoid risky behaviors like writing them down, choosing 
easy-to-guess passwords and so forth). 

Therefore, you're much better off using existing 
user credentials on an external LDAP server (via 
the Idap_auth helper) on an NT Domain or Active 
Directory server (via the msnt_auth helper) or the 
local Pluggable Authentication Modules (PAM) facility 
(via the pam_auth helper). See Resources for tutorials 
on how to set up Squid with these three helpers. 

Note that Squid’s helper programs are located 
conventionally under /usr/lib/squid. Checking this 
directory is a quick way to see which helpers are 
installed on your system, although some Linux 
distributions may use a different location. 


Other Squid Defenses 

Access Control Lists really are Squid’s first line of 
defense—that is, Squid’s primary mechanism for 
protecting your network, your users and the Squid 
server itself. There are a couple other things worth 
mentioning, however. 

First, there's the matter of system privileges. 
Squid must run as root, at least while starting up, so 
that, among other things, it can bind to privileged 
TCP ports such as 80 or 443 (although by default 
it uses the nonprivileged port 3128). Like other 
mainstream server applications, however, Squid’s 
child processes—the ones with which the outside 
world actually interacts—are run with lower privileges. 
This helps minimize the damage a compromised or 
hijacked Squid process can do. 


By default, Squid uses the user proxy and group 
proxy for nonprivileged operations. If you want to 
change these values for effective UID and GID, they're 
controlled by squid.conf’s cache_effective_user and 
cache_effective_group tags, respectively. 

Squid usually keeps its parent process running 
as root, in case it needs to perform some privileged 
action after startup. Also, by default, Squid does 
not run in a chroot jail. To make Squid run chrooted, 
which also will cause it to kill the privileged parent 
process after startup (that is, also will cause it to run 
completely unprivileged after startup), you can set 
squid.conf's chroot tag to the path of a previously 
created Squid chroot jail. 

If you're new to this concept, chrooting 
something (changing its root) confines it to a 
subset of your filesystem, with the effect that 
if the service is somehow hacked (for example, 
via some sort of buffer overflow), the attacker's 
processes and activities will be confined to an 
unprivileged “padded cell” environment. It’s a 
useful hedge against losing the patch rat race. 

Chrooting and running with nonroot privileges 
go hand in hand. If a process runs as root, it can 
trivially break out of the chroot jail. Conversely, if 
a nonprivileged process nonetheless has access 
to other (even nonprivileged) parts of your 
filesystem, it still may be abused in unintended 
and unwanted ways. 

Somewhat to my surprise, there doesn’t seem 
to be any how-to for creating a Squid chroot jail 
on the Internet. The world could really use one— 
maybe I'll tackle this myself at some point. In the 
meantime, see Resources for some mailing-list 
posts that may help. Suffice it to say for now 
that as with any other chroot jail, Squid’s must 
contain not only its own working directories, but 
also copies of system files like /etc/nsswitch.conf 
and shared libraries it uses. 

Common Squid practice is to forego the chroot 
experience and to settle for running Squid partially 
unprivileged per its default settings. If, however, you 
want to run a truly hardened Squid server, it’s prob- 
ably worth the effort to figure out how to build and 
use a Squid chroot jail. 


Conclusion 

Setting ACLs, running Squid with nonroot privileges 
most or all of the time and running Squid in a 
chroot jail constitute the bulk of Squid’s built-in 
security features. But, these are not the only things 
you can do to use Squid to enhance your network 
and end-user systems’ security. 

Next time, I'll show you how to use add-on tools 
such as SquidGuard to increase Squid’s intelligence in 
how it evaluates clients’ requests and servers’ replies. 
I'll also address (if not next time then in a subsequent 


column) some of the finer points of proxying 
TLS/SSL-encrypted sessions. Until then, be safe!m 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for 
one of the US's largest banks. He is the author of the O'Reilly hook Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linux), an 
occasional presenter at information security conferences and composer of the 
“Network Engineering Polka”. 


Resources 


Wessels, Duane: Squid: The Definitive Guide. Sebastopol, CA: O'Reilly 
Media, 2004. Includes some tips on creating and using a Squid chroot jail. 


The Squid home page, where you can obtain the latest source code and 
binaries for Squid: www.squid-cache.org. 


The Ubuntu Server Guide's Squid chapter: https://help.ubuntu.com/ 
8.10/serverguide/C/squid.html. 


The Squid User's Guide: www.deckle.co.za/squid-users-guide/ 
Main_Page. 


ViSolve's Squid 2.6 Configuration Manual and Comprehensive 
squid.conf Reference: www.visolve.com/squid/squid26/ 
contents.php. 


“The Homeless Hacker v. The New York Times", Jennifer Kahn’s article 
in Wired about Adrian Lamos: www.wired.com/wired/archive/ 
12.04/hacker_pr.html. 


Chris Wichura’s slideshow “The Squid Caching Proxy”: 
www.uniforum.chi.il.us/slides/squid/UniForum-Squid.ppt. 


Vivek Gite’s tutorial “Howto: Squid proxy authentication using 
ncsa_auth helper”: www.cyberciti.biz/tips/ 
linux-unix-squid-proxy-server-authentication.html. 


Vivek Gite’s Tutorial “Configure squid for LDAP authentication using 
squid_Idap_auth helper”: www.cyberciti.biz/tips/ 
howto-configure-squid-Idap-authentication.html. 


David Bolton's “Howto: Squid + msnt_auth + Active Directory”: 
www.davidbolton.com/?p=32. 


Paul Matthews’ HOWTO “Squid with PAM Authentication and Squish 
Download Manager”: www.opensourcehowto.org/how-to/squid/ 
squid-with-pam-authentication--squish-download-manager.html. 


Thread from the squid-users mailing list, on what should go into a Squid 
chroot jail: www.squid-cache.org/mail-archive/squid-users/200609/ 
0782.html. 


Thread from the squid-users mailing list, about some of the finer points of 


running Squid in a chroot jail: www.squid-cache.org/mail-archive/ 
squid-users/200811/0411.html. 
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Right Command, 
Wrong Server 


It’s easy to lose track of what your servers do when they number in the 
tens or hundreds. Here are a few simple techniques I've found that 


make it easier to manage them all. 


When | first started out in systems administration, 
| had only a few machines to keep track of. It was 
relatively easy to remember which servers did which 
functions (mostly because one or two machines did 
just about everything). If a server had a problem, | 
immediately knew everything it would impact. 

For better or worse, nowadays my position has 
become more complicated. When you personally 
manage tens or hundreds of machines, it can be 
difficult to keep everything straight. When a server 
goes down, you might no longer know what 
services are impacted or who else to notify. Beyond 
that, there's also the dreaded running-the-right- 
command-on-the-wrong-server mistake. | think 
every sysadmin has typed halt, rm -rf or some 
other destructive command in the wrong terminal 
at least once (just ask my old boss Bill). 


Although | can’t guarantee you'll never 
type a command on the wrong server, | 
can say that as your environment grows to 
hundreds of servers, these techniques will 
help you pick up where your brain left off. 


In this column, | discuss some methods I've 
found to help you keep track of your servers. Although 
| can’t guarantee you'll never type a command on 
the wrong server, | can say that as your environment 
grows to hundreds of servers, these techniques will 
help you pick up where your brain left off. 


Message of the Day 

The message of the day (motd) is the message that 
greets you every time you log in to your system on 
the command line. For instance, here is the message 
of the day on one of my old Debian servers: 


Linux napoleon 2.6.20-1-k7 #1 SMP Tue Apr 24 22:37:29 UTC 2007 i686 


The programs included with the Debian GNU/Linux system are free 
software; the exact distribution terms for each program are 
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described in the individual files in /usr/share/doc/*/copyright. 


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
permitted by applicable law. 
No mail. 


Messages like this are pretty generic, so it’s easy 
to take them for granted and leave them alone. 
After all, in this example, | already know the OS, 
hostname and kernel version (Linux, napoleon, 
2.6.20-1-k7). You can extend this information, 
however, and list anything you want. 

The message of the day is managed in a file 
called /etc/motd. It's a simple text file, so you can 
modify it to say anything you want, although you'll 
want to limit it to what can fit on a standard console 
screen. Note that on modern Debian-based systems, 
the /etc/motd file is somewhat dynamic, so you will 
want to modify /etc/motd.tail instead. 

So, how can you use this file to your advantage? 
A lot of security-minded administrators add a 
special terms of use in this file to note that 
their systems are private and do not allow 
unauthorized access. In that case, the motd acts 
like a No Trespassing sign, so if someone hacks 
in to the system, law enforcement has help 
demonstrating that the attacker was notified 
that it was a private system. 

Although you may or may not want to add 
a No Trespassing sign to your motd, there are a 
number of other things you can add to the 
motd to make your life as an admin simpler. For 
instance, you could add a short set of documenta- 
tion about the server, including what the server 
does, other groups to contact if there is a problem 
on the machine and even any special locations 
where custom files are stored. That way, when 
you log in, instead of a boring default motd, you 
could get something more like: 


Linux napoleon 2.6.20-1-k7 #1 SMP Tue Apr 24 22:37:29 UTC 2007 1686 


Welcome to Napoleon. 
Local services: DNS, DHCP, Internal Wiki (http://wiki.example.net) 


DNS config: /etc/bind, /var/named. 
DHCP config: /etc/dhcpd.conf 
Wiki files: /var/www/wiki 


Support team: root@example.net, wikiadmin@example.net 


You even might want to use the motd to pass 
along useful tips to regular users on the system. 
For instance, let's say your users use vim to view 
log files. On some systems, vim stores a complete 
copy of any files you open in /tmp. Although 
that’s fine for a small text file, when you have 
users opening 1GB+ Apache logs, your /tmp 
space fills up quickly, and you are paged again 
and again. One solution might be to add a gentle 
reminder in your motd to use less, not vim, to 
read large text files. 


Tweaked Shell Prompts 

Another great way to help remind you which 
servers you are on is to tweak your shell prompt. If 
you are a good security-minded admin and become 
root only when necessary, a quick tip is to make the 


root prompt a different color (like red), so it stands 
out and reminds you that everything you do is 
with root privileges. 

There are many different tastes when it comes 
to a custom shell prompt, so you might want to 
tweak this to suit your preferences. Also, I'm 
assuming you will be using the bash shell that 
most systems tend to default to these days, so 
the file you should edit is /root/.bashrc. What 
shows up in your prompt is defined by the PS1 
environment variable, so if you are curious what 
it is set to by default, simply type: 


root@napoleon:~# echo $PS1 
\u@\h: \w\$ 


In this example, you have a very basic prompt 
that lists the current user (\u), the @ symbol, the 
hostname (\h), a colon, the current working directory 
(\w) and a # symbol (if I’m root), or a $ otherwise 
(\$). On my sample system, it would look like 
root@napoleon:~# when | log in as root. 

There are plenty of other ways you can tweak 
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the prompt, and if you are curious, the full list of 
aliases you can use for it is found in the bash man 
page—just search for PS1. 

Because I’m focused on colorizing the prompt 
and not necessarily changing the format, | mostly 
will leave the prompt as is. There are a few ways to 
colorize the prompt, but the simplest way I’ve found 
is to define some of the potential colors you'd like 
to use in environment variables ahead of time, and 
then you can assign them to the PS1 variable without 
going cross-eyed from all the escape characters. 
Open up /root/.bashrc, and if PS1 already is defined, 
add these lines above it: 


NORMAL=*tput sgrO 2> /dev/null~ 
BOLD=*tput bold 2> /dev/null° 
RED="\[\033[31m\] " 

GREEN="\ [\033[32m\]" 

BLUE="\ [\033[34m\]" 

GREY="\ [\033[1;30m\]" 
PURPLE="\[\033\[03 35m\]" 


Now that all the colors are defined, | simply can 
define PS1 with the default settings, only with these 
color settings around it: 


PS1 = "$RED\u@\h: \w\$$NORMAL" 


Once you save the changes to .bashrc, the 
next time you log in, you will notice your prompt 
is colorized. Now you can spend the rest of the 
afternoon tweaking the prompt with different 
sets of colors and symbols like | did the first time 
| found out about it. It even might be worthwhile 
to use a different prompt color scheme for different 
types of servers. 


DNS TXT Records 

One of the problems with the previous two methods 
is that you must log in to a machine to get infor- 

mation on it. That leads me to one of my favorite 


If you add a TXT record as well, that gives 
you a nice centralized place to document 
what each server does in a way that can be 
queried from any machine on the network. 


ways to organize my servers, DNS TXT records. 
Most people probably are familiar with a DNS A 
record (it maps a hostname to an IP address) and 
probably CNAME and PTR records (it maps one 
hostname to another hostname and an IP address 
to a hostname, respectively), but many admins 
aren't aware of (or don’t use) TXT records. A TXT 
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record essentially allows you to assign text to a 
particular hostname. If you have an internal DNS 
infrastructure for your machines, you probably 
already have A records for all your servers. If you 
add a TXT record as well, that gives you a nice 
centralized place to document what each server 
does in a way that can be queried from any 
machine on the network. 

To demonstrate how to use TXT records, let’s 
assume I'm using a standard BIND server for DNS, 
and this is a short section of the file that defines 
A records for three hosts—napoleon, snowball 
and major: 


napoleon IN A 192:.166:..1.'6 
snowball IN A 192.,.1681,,7 
major IN A 192. 168.18 


All | would do is add a new TXT record below 
any A records | have that lists what those servers do: 


napoleon IN A 192.168.1.6 

napoleon IN TXT "DNS, DHCP, Internal wiki" 
snowball IN A 192 .168.1.7 

snowball IN TXT "Primary Internal File Server" 
192 .168.1.8 

major IN TXT "Failover Internal File Server" 


major IN A 


Once | save my changes and reload BIND, the 
TXT records are ready to go. The next time I’m 
scratching my head trying to figure out what 
snowball does, | just have to issue a dig query: 


$ dig snowball.example.net TXT +short 
"Primary Internal File Server" 


Note that | used the +short option with dig. 
That way, | get back only the contents of the 
TXT record instead of the volume of data dig 
normally gives me. Not only does this make it 
easy to narrow in on the information | want, it 
also makes it a handy little one-liner to add to 
other programs. | even could see some savvy 
administrators tweaking their shell prompt or 
motd so that it contained this value. 

Again, the beauty of using TXT records to 
document this is that it puts the information in 
a central place that you control and that you 
typically have to modify whenever you add a 
host anyway. Just be careful if you use this for 
externally facing DNS hosts—you might not 
necessarily want to broadcast all of your server 
info to everyone on the Internet.= 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and 
the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for 
O'Reilly Media. He is currently the president of the North Bay Linux Users’ Group. 
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_ NEW PRODUCTS 


Blackmagic Design's Broadcast and 
Post-Production Products 


The company Blackmagic Design recently announced a wholesale move to the Linux platform 
of its formerly Windows- and Mac OS-only products. Linux support was added to the new 
Media Express 2.0, a video capture and playback software application compatible with all 
Blackmagic Design DeckLink, Multibridge and Intensity products. This new version is a 


major update that adds support for direct capture and playback of DPX, AVI and QuickTime 

files, as well as list-based batch capture and playback, plus a major UI overhaul. Also adding Linux support are the DeckLinux (video 
cards), Intensity (HDMI/analog editing component) and Multibridge (external capture and playback solution) products. A free, cross- 
platform SDK is included. Finally, the DeckLink Optical Fiber, which Blackmagic calls “the world’s first 10-bit SD/HD broadcast capture 
card with both optical fiber SDI and regular SDI”, now has a Linux driver and SDK. The card is designed for high-end broadcast and 
post-production customers who work in large facilities needing lots of creative workstation seats and seek to use both types of cabling. 


www.blackmagic-design.com 


PureCM 


Software development companies should take note of the new PureCM 2009-1, 
a Software Configuration Management (SCM) solution that controls, tracks and 
visualizes changes to digital assets. PureCM facilitates software development in 
team environments, accommodating best practices, such as task-based version 
control, parallel development and build automation. One key new feature 


involves greater advance insight into and control of changes that need merging. 
Merge conflicts also can be resolved pre-integration using a visual resolve tool. A 
second key feature is a new and simplified cross-platform GUI, allowing developers 
to see on which files their colleagues are currently working within their private 


workspace. They also can preview their completed changes before integrating them automatically into the workspace. 
PureCM is cross-platform for Linux, Mac OS and Windows, and it offers native integration with Eclipse and Visual Studio. 


www.purecm.com 


ASUS VH Series LCD Monitors 


Greening your computing experience keeps getting easier, thanks to the efforts of companies like ASUS, 
whose new VH Series LCD monitors garnered a Gold rating under the EPEAT environmental standard. 
The VH series offers five models with screen sizes ranging from 20"-24". Each model has been certified 
by the EPEAT organization, which evaluates PCs based on their environmental attributes. EPEAT’s 


standards demand exceptional performance in areas such as reduction or elimination of hazardous ASUS VH 
materials, design for end of life, product longevity, resource conservation, end-of-life management, 

corporate performance and packaging. Gold is EPEAT’s highest rating. ASUS says that with the VH monitor series, it perfected new manu- 
facturing techniques to reduce mercury and utilize post-consumer recycled plastic without affecting product performance and reliability. 


Www.asus.com 


LAND tHe TECH JOB 


YOU LOVE 


Andy Lester’s Land the Tech Job You Love 
(Pragmatic Bookshelf) 


If you're laid off or stuck in a dead-end career, Andy Lester’s new book Land the Tech Job You Love 
from Pragmatic Bookshelf may land you a gig that springs you out of bed each morning. The book will 
help techies learn the job-search techniques that work for finding an fulfilling career. Lester claims that 
we techies have a tougher time finding and winning the right job, because companies are ever-more 
demanding and our competition is smart, tech-savvy and resourceful. The reader will learn skills such 
as how to uncover hidden jobs that never get publicized, perform effective social networking, craft an 
effective résumé, understand the mindset of hiring managers and perform well in interviews. The book 
is further peppered with real-life stories about what works and hilarious tales of what doesn’t. 


Www.pragprog.com 
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NEW PRODUCTS |) 


Aaron Erickson’s The Nomadic Developer: 
THE Surviving and Thriving in the World of 
NomabIc Technology Consulting (Addison-Wesley) 


DEVELOPER 


If your dream job means saying adids to your boss and running your own show, pick up Aaron Erickson’s new 
book The Nomadic Developer: Surviving and Thriving in the World of Technology Consulting, published by 
Addison-Wesley. Making a living as a technology consultant has its pros and cons, and author Erickson first helps 
readers assess whether it's their ideal career path. Should readers decide to choose to become (or continue as) 
consultants, Erickson presents a guide to success in the field. He explains issues such as how to break into the 
business and build a career path, understand the mechanics of consultancies and avoid the traps of unscrupulous 
ones, master secret consulting success tips, add more value than competitors, enhance professional development 
and build a personal brand. Erickson and other battle-worn consultants also offer the lessons they learned from years in the trenches. 


www.informit.com 


World of Technology Consulting 


OpenOffice.org 


The Linux community's favorite office suite, OpenOffice.org, continues its forward progress with the 
latest 3.1 release. New overall features include improved screen appearance due to anti-aliasing, easier 
dragging and placement of graphics and improved file locking. New features in Writer include 
overlining (and not just underlining) and better comment functionality. New to Calc are a zoom slider, 
formula hints and improved sorting. New to Base are SQL syntax highlighting and the ability to a complete database application by 
including macros and scripts within a Base document. OpenOffice.org’s supported platforms are Linux, Solaris, Mac OS and Windows. 


www.openoffice.org 
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Virident’s GreenCloud Server Family 


Virident recently released a new class of servers, which the firm says “is the first 
to be designed with the Internet in mind”. The GreenCloud Server Family is 
optimized to deliver high-performance, as well as energy- and cost-efficient 
computing for data-centric, query-rich applications that predominate in the 
Internet data center. The first two members of the product line are GreenCloud 
Server for MySQL and for Memcached. Each server is based on the 
GreenCloud Architecture, which, says Virident, transforms an industry-standard 
server into a data-centric “in-memory server platform”. The architecture allows applications to “directly interact with large volumes of data hosted 
in memory tightly integrated into the CPU complex, which ensures optimal utilization of all server elements—compute, memory and /O”. The 
resulting “Storage Class Memory”, a new memory tier that bridges the performance and persistence gap between main memory and mass 
storage in traditional server architectures, works in tandem with a co-optimized software stack within an industry-standard x86 server platform. 
The result, says Virident, is “orders of magnitude higher performance and previously unattainable capabilities to data-centric applications”. 


www.virident.com 


JetBrains’ TeamCity = 


And the award for most visually stimulating company name goes to JetBrains, who recently released 
version 4.5 of TeamCity, a distributed build management and continuous integration tool. JetBrains 
says that with TeamCity, one can set up a build server within minutes and enjoy out-of-the-box contin- 
uous unit testing, code-quality analysis and early reporting on build problerms—all without leaving the 
IDE. Furthermore, TeamCity is “the place to find all kinds of information about your projects—from 
their current status and health, to the detailed change history with metrics and statistical trends”. The 
company also cites TeamCity’s gentle learning curve that allows users to improve release management 
practices quickly by gradually adopting its advanced features and capabilities. New in version 4.5 are improved integration with Visual Studio and 
Eclipse with added support for VCS systems, and enterprise-level features, such as user groups and LDAP support, and multiple UI improvements. 


www.jetbrains.com 


Please send information about releases of Linux-related products to newproducts@linuxjournal.com or New Products 


c/o Linux Journal, PO Box 980985, Houston, TX 77098. Submissions are edited for length and content. 
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SF new erosects 


Fresh from the Labs 


Gnaural—Binaural Brain Wave 
Entrainment 
gnaural.sourceforge.net 

This has been one crazy month. Why? 
Because I've discovered the weird- 
science world of Binaural Beats. For 
the uninitiated (which I’m guessing you 
are), binaural beats are basically just 
two sound streams running against 
each other, but usually for a very specific 
purpose: brain wave entrainment. 

The way it works is you'll have an 
audible base frequency, say 200Hz. 
Then you have a beat frequency, which 
usually will be below what your ear can 
hear, say 8Hz. You then run the carrier 
frequency down both sides of the 
stereo spectrum (and this is best on 
headphones), but with a slight differ- 
ence on one channel from the other (in 
this example, 200Hz down the left, and 
208Hz down the right). When you hear 
these played, your brain concentrates 
on the 8Hz difference, or whatever beat 
frequency you're running. 

Why would you do this, you ask? 


tae 


Gnaural can help slow down or speed up 
your brain waves—here it’s being used for 
inducing a meditative state. 


Here's Gnaural being used to maintain alert- 
ness—very handy for studying. 
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Because these binaural frequencies 
can have strange and unique effects 
on your body and state of conscious- 
ness. This really is weird stuff, and 
the program we're looking at using is 
Gnaural, made by my good friend 
from Yale Psychology, Bret Logan. 
According to its Web site: 


Gnaural is a multiplatform pro- 
grammable binaural-beat gener- 
ator, implementing the principle 
of binaural beats as described 

in the October 1973 Scientific 
American article “Auditory Beats 
in the Brain” (Gerald Oster)....In 
over a decade of experience 
with the technique, | have found 
it mainly useful in areas of sleep 
induction and “power napping”, 
and also as a way to bring medi- 
tation both within reach (when 
stress has put it out of reach) 
and to extend its boundaries 
over time. 


Installation Provided on the Web 
site are packages specifically for Debian; 
however, there are packages natively 
available for Ubuntu, Fedora, SUSE, 
Gentoo and Arch Linux. There are 
two versions available: Gnaural and 
Gnaural 2. I'm not sure what the differ- 
ence is (maybe it’s that they use GTK 1 
and 2—they look the same to me), but 
Gnaural 2 is obviously the latter, so I've 
stuck with that. When | went to install 
the binaries, there were no dependency 
issues, so they installed right away. 

If you're working with source, you'll 
need the -dev packages for libglade2, 
libportaudio and libsndfile. If you 
download the tarball, extract it, and 
enter the folder with the command 
line, apparently the installation is the 
usual case of: 


$ configure 
$ make 
$ sudo make install 


However, | had problems with con- 
flicting Portaudio versions and couldn‘t 
get past the /configure script, so better 
luck to you if you're compiling the 
source (I just stuck with the binary). 


Once Gnaural is installed, you can start 
it at the command line with: 


$ gnaural2 


Usage Before you do anything, 
plug in some decent headphones. 
When Gnaural loads, you'll see a bunch 
of controls and a field with a strange 
graph. This is Gnaural’s default pattern, 
a playlist of binaural frequencies. 
This default pattern is designed to be 
“Meditative, spiking occasionally to 
wakefulness”, and it has a default play 
ime of 73.5 minutes, which safely will 
it on any audio CD. If you’re patient, 
press Play and go for it. Otherwise, you 
might want to scale back the runtime 
© something you can easily hack, say 
en minutes or so (check the Scale box 
under Selected Datapoints X, and drag 
he slider left to do this). 

Now, | must state from the outset, 
his is nothing to do with New Age 
stuff. Gnaural is purely scientific in its 
methods, and it uses only two sound 
waves running against each other. 
When it refers to meditation, although 
someone who meditates in the tradi- 
tional sense would find use here, in this 
case, it’s purely to do with slowing 
down the brain and relaxing—shutting 
off parts that needn't be running for 
the moment. This default pattern will 
take you through various stages of 
consciousness by entraining your brain 
to certain frequencies. 

In the background, “pink noise” will 
be playing, which is a sort of soft static 
that helps drown out noise from the 
outside world. This can be muted if you 
like, which generally will make the 
effect of the binaural sounds stronger 
and more apparent. | haven't really got 
the space to go into much further detail 
here, but explore, and you'll find that 
you can make your own frequencies 
and design your own patterns, among 
many other features. 

In terms of bodily effects, generally 
it will make you feel more relaxed and 
probably sleepy—that's the desired 
effect of the default pattern. However, 
on experiments with myself and my 
friends, | found | had strange REM-like 
eye movements and rapid blinking. One 


friend had momentary changes in and love every minute of it, and some 
vision. Another seemed to lose track of people are using binaural beats every ‘We x ORG 
time. One got really sleepy. Our guitarist day for this very reason. Check it out, ——————— — 
felt amazingly relaxed, and his brother but take care. en Sore — 
said it felt like his ears were shrinking. a rt 
And, one of my mates said it felt like his Back In Time—a Backup Tool en 
tongue was slowly disappearing! with a Difference j 
The uses of binaural beats aren't backintime.le-web.org _ 
limited purely as a tool of relaxation Ever made a mistake, deleted or over- om “dl 
though. If you have a bit of a trawl written something, and wanted to go <7. 
around the Web site’s discussion boards, back a day? This might be the tool 
you can find other presets for things, for you. According to the project's Back In Time—Simplistic Backups for 
such as staying alert, helping you wake Freshmeat entry: Specific Folders 
up, maintaining concentration while 
studying and helping travel times Back In Time is a simple backup qiines tisk ree <e- 3 
pass quickly. system for Linux (GNOME and General include Exclude Auto-remove Options Expert Options 
These usually sub-audible frequen- KDEA) inspired by the flyback oes = 
cies have different effects on different project and TimeVault. The back- aacnmanaie a a 
people—everyone’s brain is unique. I’d up is done by taking snapshots Tea — > 
like to say this is harmless, but that of a specified set of directories. 
would be irresponsible. This is still a All you have to do is configure 
fairly unexplored area of science. If you where to save the snapshot, w 0 || @ sonce 
try it, do so at your own risk, and if what directories to back up, and 
you have negative effects, stop using it when a backup should be done Back In Time lets you decide how often you 
immediately. On the other hand, you (manually, every hour, every day, want to back up your folders and where, in 
also might find it's brilliant, soothing every week or every month). It handy folder snapshots. 


Expert included. (ted 


Meet Victoria (on the right). She is the Silicon Mechanics marketing expert responsible for the events and promotions that keep our customers Xeon 
informed about exciting new products and technologies. She's pictured here with her twin sister Veronica, an industrial designer, to help us make a 
point about what makes twin servers from Silicon Mechanics so popular. Victoria and Veronica are twins, but they don’t look exactly alike and they 
don’t do the same job. Twin servers are two servers in a single 1U chassis: they can be configured differently, and they handle their own individual 

workloads. 


inside 


Powerful. 
Intelligent. 


With the introduction of the Rackform iServ R4410 from Silicon Mechanics, twin power has reached a whole new level: the twin’. A twin? is a 2U 
4-node system. It supports four swappable, full-featured nodes in a 2U chassis with redundant power. In each node you'll find 2 of the new Intel® 
Xeon® 5500 Series processors, 12 DDR3 DIMM slots, 3 hot-swap drives, and an integrated dual-port GigE adapter. Integrated InfiniBand is also 
available with the R4410-IB. Unmatched density and state-of-the-art 
processors make the R4410 a superior choice for high-performance 
computing, and Victoria is spreading the word with enthusiasm. 


Si_icom 


When you partner with Silicon Mechanics, you get more 
than the latest and greatest in density, performance, and 
energy efficiency—you get an expert like Victoria. 


For more information about the Rackform iServ R4410 
visit www.siliconmechanics.com/R4410 


— 
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SF new rrosects 


Project at a Glance 


LongoMatch: the Digital Coach 


You know how much | love a niche pro- 
ject, and here is something genuinely 
cool-looking. According to its Web site: 


LongoMatch is a sports video 
analysis tool for coaches to 
assist them in making game 
video analysis. You can tag the 
most important plays of the 
game and group them by cate- 
gories to study each detail of 
the game strategy. A list with 


acts as a user-mode backup sys- 
tem. This means you can back 
up and restore only folders to 
which you have write access. 


Installation If you check out the 
Web site’s download page, it has 
instructions to integrate repositories for 
Ubuntu and Fedora, where you can 
install the packages straight from your 
system's package manager. If you don’t 
have either of these distros though (or 
prefer to compile it), the source is avail- 
able too. The link where these are found 
is misleadingly marked “You can down- 
load older versions here” on the main 
downloads page (you actually can get 
the latest source tarballs from this section 
too, newer than the main binaries). 

If you're going with the binaries, you'll 
have to install the available common 
package first, and then install either the 
GNOME or KDE4 package, depending on 


all the tagged plays lets you 
review them with a simple 
click, even in slow motion. The 
timeline gives a quick overview 
of the game and lets you 
adjust the lead and lag time of 
each play frame by frame. 
LongoMatch has support for 
playlists, an easy way to create 
presentations with plays from 
different games. Besides, you 
can create new videos with 
your favorite plays using the 
video editing feature. 


$ sudo ./install-gnome.sh 


It now will be ready to run under 
GNOME and requires python-glade2, 
python-gnome2 and meld. 

For KDE, enter: 


$ sudo ./install-kde4.sh 


The KDE option requires x1 1-utils, 
python-kde4 (>= 4.1) and kompare. 
Once the installation is finished, you can 
run the program by entering: 


$ backintime 


Usage Once you're inside, Back In 
Time is a pretty basic affair. On a first- 
time run, it starts off with the Settings 
Dialog, where you define where the 
backup snapshots are saved, what 
folders to back up and how often to 
do it (among other features). 


Ever made a mistake, deleted or overwritten 
something, and wanted to go back a day? 


your preference. If you choose to run 
with the source tarball, installation is 
surprisingly easy. Download the tarball, 
extract it, and open a terminal in the 
folder. Enter the command: 


$ sudo ./install-common.sh 


This first step installs the base of the 
program (not the GUI) and requires that 
you have Python and rsync installed. 

If you want to run with GNOME, 
enter: 
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Start with where to back up. You'll 
see the General tab first, and the first 
field will let you choose where to save 
the snapshots of what you want 
backed up. Below that is the drop- 
down box for how often you want 
snapshots updated, which has the 
choices of disabled (you'll have to do 
it yourself), every five minutes, ten 
minutes, hour, day, week or month. 
I've got mine set to every ten minutes. 
It checks to see whether there are any 
folder differences, and if so, it takes 


LongoMatch 


Hopefully, | can get this working by 
next month; it looks to be a juicy 
little project! 


another snapshot. 

Click on the Include tab, and you 
can define what actual folders you want 
backed up in your snapshots. I’ve got 
my desktop being backed up in snap- 
shots, which are in the form of separate 
folders in my home directory, under 
backups. Every time there's a change, 
a new folder is made, each with a 
different date and time code, allowing 
me to backtrack accurately if | need to 
retrieve something. Other tabs include 
more advanced options, such as exclud- 
ing certain files and the like, but I'll let 
you explore that yourself. 

All in all, Back In Time is a very 
simple application that is best used 
on smaller folders that you work with 
a lot. As a musician with my own 
recordings, | have a lot of music files 
being constantly altered, and quite 
often, | make silly mistakes that result 
in files being irretrievable. Back In 
Time is invaluable for such circum- 
stances. If you’re chasing something 
super-advanced with a lot of wizz- 
bang features that work system-wide, 
this probably isn't it, but for those 
who want something simple for use 
on a small scale, it’s ideal. 


John Knight is a 24-year-old, drumming- and climbing- 
obsessed maniac from the world’s most isolated city—Perth, 
Western Australia. He can usually be found either buried in an 
Audacity screen or thrashing a kick-drum beyond recognition. 


Brewing something fresh, innovative 
or mind-bending? Send e-mail to 


newprojects@linuxjournal.com. 
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Register now for OSCON 2009, 
discover why open source 
is open for business. 


OSCON 2009 will tackle the hard questions and 
propose some answers: How can open source — 
its tools and its principles — contribute to making 
a difference, both in the business of computing and 
in creating a sustainable lifestyle? In an uncertain 
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REVIEWS 


HARDWARE 


The Kindle 2 


A review of the sleek, slim, sexy successor 
to the Kindle. DANIEL BARTHOLOMEW 


amazonkindle 


Figure 1. The Kindle 2 is the length and width of a paperback book 
and much thinner. 


Everyone knew Amazon would announce a successor to its 
popular Kindle ebook reader. What people did not know was 
when. Thankfully, the time between when the Kindle 2 was 
announced and when it started shipping was short. Now that 
it has been released, it’s time to put Amazon’s Linux-powered 
book reader to the test. 

Like the original, the Kindle 2 is built around an e-ink 
display. The dimensions of the display are the same, but every 
other aspect of the device is either new or modified. Instead of 
being shaped like a wedge, the Kindle 2 is a flat slab. Instead 
of a rubberized back, it has brushed aluminum. Instead of 
angled rectangular keys in a split keyboard configuration, 
it has circular keys in a rectangular grid. Instead of a scroll 
wheel, it has a five-way thumbstick. Instead of four shades 
of gray, it has 16. You get the idea. 


Things the Kindle 2 Does Better 


Let's start with my favorite Kindle 2 improvement: battery life. 
Of all the changes, this is the one | appreciate the most. With 
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the wireless turned on, | can use the Kindle for several days 
before having to charge it. With the wireless turned off, | have 
to charge the Kindle only two or three times a month. This is 
a vast improvement over the original Kindle—when | did not 
have the charger with me, | had to be careful never to turn 
on the wireless except when | wanted to purchase something 
or knew | had a subscription waiting for me to download. 
Turning on the wireless on the original Kindle is a sure way to 
kill your battery life. 

Another improvement is that newspapers and magazines 
are easier to navigate on the Kindle 2. Instead of having to 
use the scroll wheel to select links to jump between different 
articles, | can move the joystick to the left or right anywhere 
on the page to jump between stories. Likewise, a single click 
takes me to the section list. 

Browsing Web sites also is better on the Kindle 2. The 
combination of better graphics and a faster processor makes 
the experience tolerable. It still could be improved, sure, but 
it is a definite step up from the original. Web pages appear 
quicker and are much easier to navigate. 

On the entertainment front, the Find the mines! (aka 
Minesweeper) game (that you can get to by pressing Alt- 
Shift-M) works much better on the Kindle 2. For one thing, 
it's actually playable, which | consider to be a requirement 
for games. The game works so well, | wish there were more 
games. Hangman, Scrabble or some other word game 
would be nice, for example. 

Another improvement is that you now can attach 
notes to individual words, thanks to the five-way joystick 
controller. The original Kindle let you attach notes only to 
individual lines of text. Of course, that being said, there 
aren't many instances where | have wanted multiple discrete 
notes per line, but just in case | do, the feature is there. 
Unfortunately, although the original Kindle can see the 
multiple notes per line that | made on the Kindle 2, it can’t 
select or edit them properly. 


Figure 2. The screen size has stayed the same between the two versions 
of the Kindle. 


Things the Kindle 2 Does 
Differently 

The power and USB ports have been 
combined on the Kindle 2. The included 
power adapter is really just a standard 
USB-A to micro USB-B cable with a wall 
adapter. The use of a micro USB end 
instead of the more common mini USB 
that the original Kindle used is a disap- 
pointment, because | can’t use the same 
cable to connect both Kindles to my 
computer. A lot of manufacturers are 
moving to micro USB, because although 
the width of the plug is the same 
compared to mini USB, it has about half 
the height, which makes it easier to 
incorporate into thinner devices. Two 
years from now, I'll probably have lots 
of micro USB cables, because most 
devices will have moved to it, and it 


Figure 3. The Kindle 2 plug (bottom) is much 
smaller than the plug for the original Kindle. 
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Turn Wireless On? 


Your Kindle wireless is turned off. Do 


you want to turn wireless on? 


@ search store) 


Figure 4. There is no physical switch to turn 
the wireless on and off, so the Kindle offers to 
turn it on for you if you try to do something 
that requires it. 


won't be a big deal. Right now, the 
cable that came with the Kindle 2 is my 
only micro USB cable, so | need to keep 
an eye on it. At least Amazon did not 
do something stupid and create its own 
custom connector. | also hope more 
manufacturers take Amazon’s lead and 
combine both the data and power 
cables. Fewer cables is good, and the 
more devices | can charge with the 
exact same cable, the happier I'll be. 
There is no longer a physical button 


REVIEWS 


for turning the Kindle’s wireless on and 
off. This has both good and bad sides 
to it. For one, if you attempt to do 
something that needs the wireless, the 
Kindle 2 offers to turn the wireless on 
for you. On the other hand, it takes 
more effort to turn the wireless off now 
that it is not a physical switch. It takes 
only a couple clicks from anywhere in 
the Kindle 2 interface, so it's not a big 
deal. And, with the longer battery life, 
| don’t need to stress as much about 
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leaving the wireless on like | did with 
the original Kindle. 


Things the Kindle 2 Does 
Not Do Better 

Despite all the nifty new features, the 
original Kindle did a few things better 
than the Kindle 2. For one, no cover is 
included. Instead, you are forced to pur- 
chase one. | say forced, because with a 
device this expensive and fragile, going 
out without a cover is not a good idea. 
The original Kindle’s cover was not 
anything to be proud of, but it was 
included with every Kindle, and it 
worked well enough, most of the time. 
| happily admit that the covers are 
much better this time around. They 
snap securely into the left side of the 
Kindle 2, and I’m not worried about 
the Kindle 2 falling out of the cover 
like | was with the original Kindle. 


Figure 5. The Kindle 2’s covers are nice, 
but they are no longer included. You have 
to purchase them separately. 


Figure 6. The way the Kindle 2 attaches to the 
covers is more secure than it was with the 
original Kindle. 


Another thing the original Kindle 
did better was contrast. The contrast 
between the gray-ish background and 
the text is just not as good as on the 
original Kindle. It's hard to notice unless 
you have them side by side, but if you 


52 | july 2009 www.linuxjournal.com 


do, it’s instantly recognizable. The text 
on my original Kindle is sharper, darker 
and easier to read than the text on my 
Kindle 2. If there was one thing | wish 
they would have kept from the original, 
the screen is it. | would happily go back 
to four shades of gray if it means better 
contrast. | use the Kindle for reading, 
not looking at gray-scale pictures, and 
why Amazon thought that improving 
picture quality was more important than 
text legibility is a mystery to me. 

There also are a few things the origi- 
nal Kindle had that the Kindle 2 does 
not. For one, the Kindle 2 does not 
have a removable battery. This seems to 
be a trend among consumer electronics 
manufacturers these days. It’s a trend | 
do not like. Maybe it was necessary to 
get the desired thinness and battery life, 
but | still would prefer a removable bat- 
tery. If the battery dies on my Kindle 2, | 
likely will have to send it in to Amazon 
to be fixed. On my original Kindle, | can 
replace the battery myself and even 
carry around spares. 

Another thing that got axed this 
time around is the SD card slot. The 
internal memory of the Kindle has been 
beefed up to 2GB, but that’s no excuse 
in my opinion. Using SD cards was one 
of the ways | used to organize my 
growing collection of ebooks. On the 
Kindle 2, | can carry them all with me, 
but | have to page through screen after 
screen to get to a particular book. Since 
they have removed removable storage, 
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Figure 7. The meminfo screen shows current 
memory usage. 


Amazon really needs to update the 
Kindle software to allow for some sort 
of organizational hierarchy, manual or 
otherwise—folders, tags, genres, 
whatever. Right now, things can be 
displayed alphabetically (by title or 
author), or by how new they are. That's 
a poor way to organize things if you 
have 100+ ebooks on your Kindle. 


New Things the Kindle 2 
Can Do 

So, the question you probably are asking 
is “What's new?” The answer is, not a lot. 
There are a pair of major new features. 
The first of these is Text-To-Speech (TTS). 
Personal computers have had TTS of 
varying quality for decades. | remember 
toying around with a rather primitive 
TTS system for Apple lle computers back 
in the early 1980s, and then there was 
the Macintosh that famously introduced 
itself using TTS, so it’s not surprising 
that TTS has found its way to handheld 
devices like the Kindle. | have found it 
to be a useful feature. 

The TTS system on the Kindle 2 
is powered by RealSpeak Solo from 
Nuance Communications. The quality 
is good, and great strides have been 
made in the past few years with 
regard to making computer-generated 
male and female voices sound more 
natural. It is not a replacement for an 
audio book, but it does come in handy 
for times when | can't look at the 
Kindle but still want to continue reading. 
While driving is the obvious time when 
it would be bad to read the Kindle. | 
also have used the TTS when cooking 
and exercising. 

The Kindle 2 can read text at three 
speeds. The middle setting works the 
best for me, but if | want to cruise 
through several newspaper articles 
quickly, the fast setting does a good 
job. As far as the voices go, | personally 
prefer the male voice. The female voice 
sounds more robotic to me, but I’m sure 
others will feel the same way about the 
male voice. 

For all of its benefits, the TTS feature 
of the Kindle has not been without 
controversy. As soon as it was announced, 
the Author's Guild cried foul and claimed 
that TTS violated authors’ copyrights 
on recorded performances of their 
work. The legal validity of this claim is 
debatable, but Amazon quickly moved 
to settle with the Guild by changing 


TTS through a firmware update so TTS 
could be turned off at the discretion of 
the rights holders. 

In honor of the 15th anniversary 
of Linux Journal, | had the Kindle 2 
“read” the Linus Torvalds interview 
from the very first issue. It’s not per- 
fect, and it’s unintentionally funny in 
places, but it does a good job overall. 
The .ogg file | captured is available 
at www.linuxjournal.com/site_files/ 


Upgrading to Kindle 2 


Dear Daniel, 


We noticed that you previously registered a 
Kindle to this account -- thanks for upgrading to a 
Kindle 2! The following steps will help transfer 
your existing books, subscriptions and Kindle 
e-mail address (used to receive personal 
documents), to your new Kindle 2. 


1. If you wish to transfer subscriptions or a Kindle 
e-mail address use the 5-way controller to click 
the link below: 


Transfer subscripti Kindle e-mail add 


2. To download your previously purchased Kindle 
books, open Archived Items from the Home screen. 
Your past book purchases will be listed and can 
be re-downloaded whenever you want for free. 
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Figure 8. The Kindle 2 includes a helpful 
and personalized letter to walk you through 
downloading your files. 
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Figure 9. If you have an original Kindle, you 
will be prompted to download your previously 
purchased items. 


video/interview_with_linus.ogg if 
you want to listen to it. 

The second major new feature is 
synchronization of your page position, 
bookmarks and notes between devices. 
Now that there are multiple versions 
of the Kindle out there, and a Kindle 
iPhone application, it's a safe bet that 
people will read their Amazon ebooks 
on two or more different devices. When 
| first turned on the Kindle 2, part of 
the getting started process had me go 
to the Archived Items section of the 
Kindle interface and download the 
books | had purchased previously for 
my original Kindle. A week before the 
Kindle 2 started shipping, Amazon 
made a firmware update available for 
the original Kindle that added the 
synchronization functionality, so when | 
opened the books on the Kindle 2, they 
opened to the page | was reading when 
| last had them open on my original 
Kindle. All of my notes and bookmarks 
were there too. This made switching to 
the new device painless. 

The unfortunate thing about all 
this synchronization goodness is it 
works only with items purchased from 
Amazon. Books from other sources 
cannot be synchronized wirelessly. | 
wish it weren't this way, but | can see 
Amazon's reasoning. The cell network 
access the Kindle uses is not free, 
after all, but | still don’t like the 
synchronization not working for 
non-Amazon items. 


Hacking the Kindle 2 

Like the original Kindle, the Kindle 2 has 
several hidden features. One of these is 
the 411 information page. To display it, 
go to the main screen, choose Settings 
from the menu to go to the settings 
page, and then type 411. The 411 
page then appears. | would include a 
screenshot, but the page is filled with 
things like the Kindle’s serial number 
and other information that should 
not be made public. 

Another thing the Kindle 2 has that 
the original Kindle had is a debug 
mode. To get to the mode, bring up the 
search box and enter ;debugOn, and 
press the Enter key. Then, bring up the 
search box again, and enter “help to 
show the various debug commands that 
are available. There’s no documentation 
for what the listed commands do. And, 
if you break your Kindle messing around 
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My Kindle Wish List 


| believe the Kindle 2 is the best ebook reader on the market right 
now. However, it’s not perfect. Here is a list of six things | hope will be 
part of the Kindle 3: 


1. A touchscreen: a device like the Kindle needs a touchscreen. 
When | hand the Kindle to people to try, nine times out of ten, 
they will try to tap on the screen to select an item. Every review 
I've read of the Kindle 2 talks about how much better the 
joystick is than the scroll wheel on the original Kindle. | say 
a touchscreen would have been better. 


2. Folders or tags: there needs to be a folder or tag method for 
organizing files. Empirical ordering by author, title or date has 
its place, but for ease and speed of access, a good logical lay- 
out works best for me (especially when | create the layout). 


3. Slide-out keyboard: the keyboard isn’t used much on the 
Kindle. For the 95%+ of the time when I’m not using the key- 
board, | would like it to disappear. Cell phones have had sliding 
keyboards for years. It shouldn't be too difficult to add one to 


the Kindle and free up space for either a bigger screen or a 
smaller physical size. 


. Real keyboard keys: while I’m on the subject of the Kindle’s 


keyboard, the chiclet keys are terrible. The Kindle 2 has the 
space—put some decently sized keys there. | realize both this 
and suggestion #3 will make the Kindle thicker, and I’m okay 
with that. The Kindle still would be thinner and lighter than 
nearly every book on the market. Call it the “pro” version and 
charge a premium. Better still, make the current version the 
“lite” version (and drop its price by $100+) and sell the “pro” 
version for the current price. 


. Microphone: add a microphone to the Kindle 2 and make it 


possible for me to create voice notes. Let me attach them to 
specific passages in books just like regular notes. 


. Removable battery: bring back the removable battery. Don’t get 


me wrong, | love the extended battery life, | just don’t like that 
the battery is now not removable. 


with them, Amazon probably will con- 
sider you to have broken your warranty. 
That said, one hacker found that the 
“usbQa and “usbNetwork commands 
enabled him to tether his Kindle 2 to his 
computer. It's not the kind of tethering 
where the computer was getting its 
Internet access from the Kindle 2 (like 
what you might do with mobile phone 
tethering). Instead, the Kindle 2 was 


able to connect to the Internet using the 
network connection of the computer. 
This is not terribly useful, but it’s there if 
you want to experiment. 

The Kindle 2 runs Linux, and a lot of 
the software it uses is licensed under 
the GPL or the BSD license. Some of 
the more interesting pieces of software 
include syslog-ng, u-boot, monit, Irzsz, 
iptables, gstreamer, BusyBox, dosfstools, 


e2fsprogs, ALSA, mtd-tools, bzip2, 
libpcap, ncurses, ppp and strace. The 
presence of BusyBox in particular sug- 
gests that a command-line environment 
of some kind should be available—if 
BusyBox had the right features enabled 
when Amazon compiled it, which it didn’t. 
One hacker discovered that statically 
compiled Linux ARM binaries work just 
fine on the Kindle 2, and he was able 
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Figure 10. The debug mode “help screen—the 
backticks () are required. 
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Figure 11. Turning on the hidden debug mode. 
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Figure 12. Some of the dialogs that appear 
when mucking around in Debug mode are 
less than helpful. 


to replace the onboard BusyBox with one he had compiled for 
the Android platform, which had Telnet enabled. This let 
him Telnet into his Kindle when it was connected to his 
local network via the USB tethering trick. 

The Kindle 2 is less hackable than the original Kindle 
(there's no external serial port, for example), but determined 
individuals have been able to poke and prod at the hardware. 

On the software side, there's a cat-and-mouse game 
currently being played out that looks a lot like what went on 
a few years back with Apple and its iTunes/iPod DRM. People 
are posting scripts that help you use encrypted Mobipocket 
files purchased from other on-line sources, to which Amazon 
responds by serving DMCA takedown notices. The scripts then 
surface on different sites hours later. Amazon then changes its 
DRM, which breaks the scripts. Updated versions of the scripts 
surface the next day. And, the cycle keeps going. 

There is one neat project all of this hacking has enabled 
that I'd like to mention in closing: Savory. This is software that 
runs on the Kindle that will convert .pdf and .epub files into 
Kindle-compatible .mobi files automatically. It also updates 
the built-in Web browser to accept .pdf and .epub as valid, 
supported media types. Battery life is impacted with this 
package installed, but not by much, and the ability to navigate 
to, download and automatically convert .pdf and .epub 
documents without having to make a trip to my desktop 
computer makes it worth it. 


Conclusion 

So, is the Kindle 2 worth it? Maybe. If you have an original Kindle, 
it’s a tossup. There are a lot of nice improvements, but if the 
original Kindle is working for you, there really is no compelling 
reason to make this a must-have upgrade. If, on the other hand, 
you don’t have a Kindle, the reasons and justifications for getting 
the original Kindle still apply: get one if you love to read and 
don't like (or can’t) carry around all the books you want to read. 
The Kindle 2 is the best of the current crop of ebook readers, 
and if you've been wanting to get an electronic reader, you 
could do a lot worse than the Kindle 2.m 


Daniel Bartholomew lives with his wife and children in North Carolina. 


Resources 


Instructions on connecting to the Internet from your 
Kindle, through your computer: blog.fsck.com/2009/03/ 
tethering-your-kindle.html 


An unofficial firmware update tool for the Kindle 2: 
igorsk.blogspot.com/2009/03/kindle-2-tidbits.html 


Telnet on the Kindle 2: blog.fsck.com/2009/03/ 
a-productive-evening-so-far.html 


DMCA Takedown Notice from Amazon: 
www.mobileread.com/forums/showthread.php?t=41929 


Savory: a native ebook converter for Kindle 2: 
blog.fsck.com/2009/04/savory.html 
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Indamixx: an On-the-Go 
Recording Studio? 


The Indamixx portable recording studio is built around a Linux multimedia real-time 
operating system and provides an unprecedented level of software integration and 
refinement for audio tasks. DAN SAWYER 


You've wanted to be a 
record producer, right? Or, 
you've wanted to be able to 
set up and record impromptu 
interviews and panels at 
tradeshows and conventions? 
What if you could do it all, 
on Linux, with a couple 
decent mics and a device 
you can carry in your pocket? 
Ever imagined being able to 
produce original content 
everywhere? 

You don’t have to 
imagine anymore. Since 
November 2008, a little 
company called Indamixx has 
been putting out just such a 
marvel. Built on a Samsung Q1 Ultra 
chassis, this little handheld does its 
best to deliver on a very impressive list 
of marketing promises. 

| unwrapped this lovely little toy box 
and had it virtually glued to my hip for 
the five weeks | reviewed it. It starts 
up fast; it works slick; the physical and 
virtual interfaces are very well put together, 
functional and fast. It did almost 
everything | asked of it, and its battery 
life was impressive on top of it all. 

In the course of my review, | edited 
a half-hour radio drama, recorded a 
five-person roundtable podcast over 
Skype, did an extensive amount of 
blogging, wrote two articles for Linux 
Journal, did a couple photo shoots and 
composed a couple tunes, and took it 
round to a club for a shakedown. 


The Good 

In terms of advertised features, the Q1 
was an excellent platform to begin 
with. Touchscreen-based with three USB 
ports and a monitor jack, it docks easily 
at a desk and moves quickly with you. 
The screen is clear and contrasty 
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SAMSUNG 


Indamixx/Ardour 


enough to do work on its own most of 
the time, at least for work where you 
don't need a lot of vertical resolution 
(the drawback of the ultra-widescreen 
aspect ratio). 

It's very small, light and only 
marginally more difficult to lug around 
than an iPod. At first blush, it's a hell 
of a little gadget. 

Appropriate for its intended task, it 
has a pair of built-in stereo microphones 
that do proper left/right separation and 
exhibit a serviceably low noise floor 
for casual interviews and note taking. 
| put those microphones to the test in 
a couple interviews and, even while 
driving, they exhibited good enough 
discrimination for transcription. Score 
one for the Indamixx. 

Of course, those are all properties of 
the hardware layer, which is a commod- 
ity device made by Samsung and can be 
had off the shelf for about $800. The 
real genius of this box is that the folks 
at Trinity Audio who designed it paid a 
lot of attention to detail in their choice 
of software packages as well. The Q1 
is a pretty anemic hardware platform 


from the spec sheet, but 
Trinity managed to pull out 
every spare processor cycle 
from this. 

Pro-audio applications in 
all flavors of Linux—Ardour, 
energyXT, Rosegarden and 
so on—all run atop the 
recursively named Jack 
Audio Connection Kit 
(JACK), a real-time server 
layer that gives pro-audio 
apps direct, low-latency 
access to the DSPs and MIDI 
devices. Digital Audio 
Workstations (DAWs) built 
on Linux must play nice 
with JACK, and “playing 
nice” can be measured in two ways: 


1. How easy is it to get real-time 
performance out of JACK? 


2. How many of the distribution’s 
applications come prebuilt for 
JACK compatibility? 


The answer to #1 should be pretty 
easy, because a real-time kernel patch 
is available for most distributions, and 
if it isn’t available for yours, you 
always can build it. But, it isn’t all 
that easy. The processes your distro 
runs, the other kernel modules you 
load and a dozen other things about 
distro architecture can make the 
difference between a system that will 
serve you well and one that will drive 
you bonkers. Because of this, the 
various Linux distributions do so with 
varying degrees of success, from 
the just-plain-awful vanilla SUSE to 
the tolerable Ubuntu Studio to the 
excellent 64 Studio. 

As for question #2, there is a simi- 
lar gradient among distributions for 


JACK compatibility with application 
packages, from the “just about noth- 
ing unless you compile it yourself” end 
to the “almost anything you could 
want” end of the spectrum. 

So, how does the Indamixx’s OS, 
called Transmission, stack up? Not 
to put too fine a point on it, but it 
is hands down the best-engineered 
Linux distribution I’ve ever laid my 
eyes on. Trinity took the best-of- 
breed 64 Studio distro and made 
it better, getting every program to 
route through JACK, including such 
normal recalcitrants as Skype and 
Flash—and did it all so well that | 
very rarely encountered any xruns, 
even when recording while | browsed 
the Web, and even when hooked 
up to notoriously slow external USB 
pro-audio gear. 

The Indamixx recognized the afore- 
mentioned pro-audio gear without 
batting an eye—both the mixing 
surfaces and the A/D converters, and 
pretty much the only thing | found 
myself wanting was more USB ports 
(advice: use a hub with this thing). It 
played nice with Samba (though not 
NFS) right out of the box. Its Wi-Fi 
found signals where both of my lap- 
tops have trouble locking on, and even 
with my stubby fingers, the built-in 
thumb-keyboard and touchscreen 
were a breeze to operate. 

The power management features 
also worked without a hitch—from 
blanking to sleep to hibernation, | 
encountered none of the problems 
that portable users commonly 
encounter on Linux. Add that to the 
startup time of less than a minute, 
and you've got a device that seems 
ideal for its advertised ends: 


@ Recording and mixing. 
@ Building dance loops and remixes. 
@ Diing. 
@ Podcasting. 
m@ Mastering. 

The Indamixx’s list of software 
packages is no less impressive. The 
selection of programs is deliberate 


and lean. Everything one needs to 
accomplish, virtually any audio task, 


The Capabilities 


| found that the Indamixx can comfortably maintain real time on its internal hard 
disk while recording four tracks simultaneously or when playing back four with 
reverb and other complicated effects applied. 


as well as some video and other 
graphics tasks, comes installed and 
built with a number of performance 
enhancements: GIMP, Blender, 
Ardour, a portable version of Firefox, 
the commercial DAW program 
energyXT, SHOUTcast and DJ mixing 
software, hundreds of LADSPA plug- 
ins, a properly functioning VST server 
(another rarity on Linux), the always- 
handy Skype and a boatload of remix 
samples and MIDI voices. 


The Bad 

The Indamixx is advertised as an all- 
purpose DAW and is heavily marketed 
to DJs and those who work with live 
music. That means the people most 


likely to buy this device also are those 
most likely to use it in nightclubs and 
dive bars. 

Such environments are filled with 
a number of hazards that, frankly, the 
designers of the Q1 and those who 
picked it as the Indamixx platform didn't 
consider. Those hazards include such 
things as spilled drinks, smoke, ash 
and particulates from pyrotechnics, 
high humidity and high temperatures, 
high levels of vibration (from speakers) 
and so on. 

In addition, there are ergonomic 
issues that make working with the 
Indamixx in a club situation some- 
what less than optimal. Simply put, 
it doesn’t fit anywhere, and it’s easily 
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How to Clean Your Gear 


So, someone has spilled beer on your gear, or it’s gotten so gummed up with tar 
and gunk that it’s not working anymore. What do you do? 


First, if the offender is a liquid, cut the power immediately. If the unit has batteries, 
pop them out. If it’s plugged into the mains, pull the plug. The sooner you do this, 
the more likely you are to save the unit. Once this is done, you can proceed on a 


non-emergency basis. 


Second, get yourself some deionized water. It’s important that you use completely 
fresh water that’s been filtered by deionization, rather than by any other process. 
This removes all of the electrical potentiality from the water (as well as the electrolytes), 


so it’s safe to use to clean your gear. 


Third, disassemble the equipment and bathe all of the affected parts in the water. 
Scrub (with a clean, static-free cloth) any tars, residues, sugars or anything else 


off the gear. 


Fourth, seal each piece in a ziplock bag or airtight container with either uncooked 
rice or (preferably) silica gel to dry. Leave it there for several days. 


Finally, reassemble the gear, taking care not to subject it to static discharge. 


At this point, so long as you've put everything together properly, your gear should 
once again be in perfect working order, unless something fried during those first 
few seconds. This procedure works equally well for mixing boards, amplifiers, 
laptop computers, hard drives and rack gear. 


knocked off the edge of a table. 
There is no custom mounting hard- 
ware available for it, which means 
its hazard risk is at maximum in a 
club environment. 

Let's face it, the Indamixx is flimsy. 
Despite its solid feel, the Q1 Ultra is 
made of thin, brittle plastic—difficult 
to disassemble and upgrade despite 
being user-serviceable and easy to 
break during service. Similarly, its 
touchscreen is ill-protected and prone 
to scratching (not to mention break- 
ing if dropped), and there is no cus- 
tom hard case available for the unit 
that adequately protects the screen. 
Worse still, it’s a hard-disk-based 
machine, and the hard disk is neither 
shock-resistant nor mounted with 
shock absorbers. This means that, 
when running, a fall from desk height 
onto a hard floor has a very good 
chance of irrecoverably crashing the 
heads. Given the purposes for which 
this unit is advertised, it isn’t in the 
least bit moisture- or smoke-resistant. 
Not all the ports have protectors; 
there’s no sealing grommet at the 
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seams, and the ventilation holes have 
no splash screen. 

Of course, very few computers of 
any form factor are hardened against 
these kinds of hazards, and even 
fewer at this price point. Because of 
that, it might seem kind of petty to 
complain about those things, but the 
folks at Trinity Audio have advertised 
this remarkable handheld as being 
suitable for tasks that it simply can’t 
stand up to long term, and that’s not 
good for anybody. 


The Ugly 

A couple other minor points about 
this unit just aren't pretty, and they 
also have to do with the marketing 
literature. The Indamixx’s sales 
brochure advertises the ability to 
record at 96KHz in 32-bit float for- 
mat, and although this is technically 
true (that is, the hard disk will keep 
up with it), it implies that what you 
get in the box is what you need to do 
this, and that simply isn’t true. The 
unit comes with no pro-audio inter- 
face, nor did it come with a list of 


compatible hardware so that some- 
one building a studio around this unit 
could select an appropriate A/D con- 
verter (at the time of this writing, a 
list of such devices can be found on 
the Web site, but | have no way of 
knowing whether the list is included 
with the product). 

The other ugly point is the price. The 
unit retails for just under $1,200, which 
is pretty steep. 


The Verdict 
| love the Indamixx. | wish | could afford 
one. | had more fun and got more work 
done with this little thing than | ever 
expected. It has, bar none, the best 
multimedia implementation of Linux | 
ever have seen—the care that has gone 
into the software design on this unit is 
nothing short of astounding. 

The problem is, this unit is ill- 
adapted for the very environments 
I'd use it in most: bars, nightclubs, 
restaurants, film sets and other 
rugged on-the-go situations. It’s not 
robust enough to do the very tasks 
for which it is otherwise ideal. 

Because of that, | can’t give it my 
unconditional recommendation, much 
as I'd like to. If you have the $1,200 to 
spare and need to do a lot of audio 
work on business trips, planes or at 
conventions, this is the ideal machine 
for you. If you're looking for something 
that'll hold up well in hard-core produc- 
tion situations, you'd be better off 
buying the $600 laptop model that 
Indamixx also sells and spending some 
of the balance on hardening the 
machine to make it safe for the environ- 
ments where you're going to be work- 
ing. Perhaps dropping some of the 
spare cash on a good pro-audio inter- 
face also would be a good idea. This 
solution won't give you something quite 
as portable, but it will give you almost 
all of the good points of the Indamixx’s 
exquisite portability and software design 
without being constrained by its pro- 
found drawbacks.m™ 


Dan Sawyer is the founder of ArtisticWhispers Productions 
(www.artisticwhispers.com), a small audio/video studio in 
the San Francisco Bay Area. He has been an enthusiastic 
advocate for free and open-source software since the late 
1990s. He currently is podcasting his science-fiction 
thriller Antithesis and his short story anthology Sculpting 
God. He also hosts “The Polyschizmatic Reprobates Hour”, 
a cultural commentary podcast. Author contact information 
is available at www.jdsawyer.net. 
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s a Linux Journal reader, you’ve probably stumbled across 

Google Android here and there. You’ve probably read an 

introductory article or maybe you even downloaded an SDK 

and coded an application or two. If you haven’t, | encourage 

you to do so, as this article is not an Android overview. I’m not 
going to talk about the Android architecture and application development; plenty 
of good articles already exist on those subjects. See this article’s Resources for 
some links to Google video lectures about the Android architecture and Android 
application basics. However, if you have some basic knowledge of Android and 
would like to learn a bit about cellular telephony and how it is implemented in 
Android, this article is for you. 

Android is all about applications. Almost every article and discussion on this 
subject revolves around the SDK, the Dalvik Java VM and the Android Market. In 
fact, it is quite difficult to find an Android article that doesn’t mention applications. 
With all this hype, it’s easy to forget that the Google phone is, after all, a phone, 
which (surprise, surprise) is supposed to make phone calls. So, this article takes 
a different route and instead of focusing on applications, it focuses on Android 
telephony—from the application API down to the cellular baseband hardware. 
This part of Android is not very well documented, but fortunately, Google has 
released most of the code under the Apache open-source license. 

Before | start talking about APIs, daeemons and all the really interesting stuff, 
it’s worth mentioning that although it seems like Android has all the hype, at least 
as far as Linux-based mobile phones are concerned, when you look at the facts, 
you will discover that actual Android adoption is far more modest than what Google 
would like you to believe. Currently, only one company (HTC) manufactures 
Android-based phones, and it has two variants sold by T-Mobile. A few other 
companies (Samsung, for instance) have announced that they are going to 
launch an Android-based phone some time during 2009. There are actually a few 
dozen other Linux-based mobile phone models on the market that are based on 
a competing platform, described in more detail below. 


Mobile Phone Hardware Architecture 

Before going into software, it is important to understand 
the underlying cellular telephony hardware architecture. 
Unfortunately, there are no standards in this area, and every 
model from every company may look completely different. 
Still, there are some common ideas and industry trends in 
cellular reference designs; a block diagram of cellular phone 
basics is shown in Figure 1. 


Figure 1. Simplified Cellular Phone Hardware Block Diagram 


Figure 1 omits many crucial hardware components that 
have nothing to do with software architecture and, therefore, 
are not very relevant in the context of this article—after all, the 
goal here is to understand the telephony software stack. 

Sometimes the application and communication (or baseband) 
processors are, indeed, different chips. However, more often 
than not, both CPUs reside on the same die or at least the 
same package. This is the case with the HTC/T-Mobile G1, 
which is based on a Qualcomm MSM7201A multicore CPU 
and includes an application processor (ARM11), a communica- 
tion processor (ARM9) and some other cores, including a GPS. 
Sometimes a single CPU is used for both application and base- 
band tasks, usually in simple low-end phones. The distinction 
between application and communication processors is especially 
important in the context of software: when there is only one 
core used for both application and communication processing, 
the software stacks are quite different. 

The application processor usually controls the screen and 
keyboard and runs the software stack that interacts with the 
user, including various applications. It usually runs some 
generic operating system, such as Linux, Windows Mobile or 
Symbian. The communication processor runs a cellular protocol 
stack on top of some RTOS, such as Nucleos or Thredx. 
Although the application software can be open source in some 
cases, the cellular protocol stack always is distributed as binary 
only. The PM chip is responsible for power management, and 
the RF for conversion of baseband to radio frequencies. Other 
peripherals, such as the LCD, keypad, speaker and microphone 
do not need further explanation. 

It is important to note that the communication processor is 


With all this hype, it’s easy to 
forget that the Google phone 
is, after all, a phone, which 
(surprise, surprise) is supposed 
to make phone calls. 


responsible for cellular communications only (both voice and 
data). Wi-Fi, Bluetooth and other communication protocols 
are beyond the scope of this article, as they are conceptually 
different and often better documented. 


Google Android 

Android is a software stack for mobile phones. It includes a 
modified version of the Linux OS, middleware (which is the 
topic of this article) and some applications. The SDK is avail- 
able free of charge and can be downloaded from the Google 
Web site. The Android sources also are available and can be 
fetched from a GIT repository, although some important parts 
are missing. 


Official Android Telephony 
As shown in Figure 2, Android consists of a runtime, libraries 
and application framework modules. 


Communication Processor 


Figure 2. Android Architecture Block Diagram 


Figure 2 shows only the modules that implement telephony 
functionality; for a more detailed diagram, refer to the Google 
Android overview page. 

Telephony manager, which is part of the Android application 
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GSM AT Commands 


AT commands are the most common interface between 
cellular application and baseband processors, used by the 
majority of the cellular software stacks, including Android. 
They are defined in the 3GPP standard 27.007. They can 
be divided roughly into the following groups: 


B Call control commands, such as ATD to dial a number. 


@ Network service commands, such as AT+CREG for 
network registration. 


framework, provides a telephony API to user applications. It 
consists of the android.telephony and android.telephony.gsm 
Java packages. This official telephony API is fully documented 
in the Android developer reference guide, so | don’t describe it 
here in detail. It is far more interesting to check what impor- 
tant functionality is not included in this API, which turns out to 
be quite a lot. The current Telephony Manager API is mostly 
limited to providing phone and network status information, 
such as call state (idle, offhook or ringing), network operator 
name, roaming state and so on. The only parameters you can 
change are network operator name and selection mode, using 
the setOperatorName() and setlsManualSelection() calls, 
respectively. And, the only action you can perform is SMS, 
using sendDataMessage() and sendTextMessage(). This API is 
rather spartan to say the least, and it lacks many important 
functions. For instance, it is hard not to notice that all voice-call- 
related functionality is missing, yet some (platform) applications, 
such as Phone, manage to implement it. 


This API is rather spartan to 
say the least, and it lacks 
many important functions. 


Not only is this API not sufficient to create any useful 
telephony applications, it also is rather inconsistent. There is 
no clear architecture behind the class structure, and it is not 
obvious how support for other RATs (radio-access technologies) 
apart from GSM, such as CDMA200 and LTE, will work. 


The RIL Telephony 

The first thing you discover when you look at the Android 
telephony API in detail is that it is not fully open. There is a lot 
of important functionality in the com.android.internal.telephony 
package. For instance, the Phone application uses this internal 
API to make/answer a call and access the SIM. This API is not 
documented. It can and probably will change in the future, 
and generally, it is not intended for use by applications that 
are not part of the Android platform—so much for the 
“All applications are created equal” motto. Fortunately, this 
API is documented pretty well in the source code of the 
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@ Mobile control, such as AT+CPBR to read a phone book. 
m SMS commands, such as AT+CMGS to send an SMS. 


m GPRS commands, such as AT+CGDCONT to define 
PDP context. 


Many other commands exist, including some nonstandard 
vendor-specific commands. For a more detailed description, 
refer to the latest standards document. 


Base framework module, which can be found under the 
frameworks/base/telephony/java/com/android/internal/telephony 
directory inside the Android sources. 

The architecture block diagram shown in Figure 2 implies 
that privilege—that is, platform telephony applications use the 
com.android.internal.telephony package, although mortals are 
stuck with android.telephony. 

This internal framework module communicates via UNIX 
domain sockets with the RIL (Radio Interface Layer) daemon 
rild, which is written in C as one would expect (not Java). The 
majority of the telephony functionality of the RIL daemon is 
implemented in the RIL library. Both the RIL daemon and the 
library sources, along with a reference RIL driver, can be found 
under the hardware/ril directory. The RIL deamon communi- 
cates using AT commands with either the RIL kernel driver (via 
the read/write interface when it is running on real hardware) 
or with the SDK emulator (via the socket interface). The RIL 
kernel driver is probably just a dumb pipe that forwards AT 
commands to the baseband processor via the appropriate 
hardware interface. Unfortunately, this part of Android 
telephony is neither documented nor open source. There 
is only a so-called reference RIL implementation in the 
hardware/ril/reference-ril directory. So, one has to guess what 
exactly goes on down there on real hardware. The reason this 
part is not open source is probably the same reason as the one 
that prevents some companies from releasing Wi-Fi firmware— 
regulations in many countries do not allow for manufacturers 
to provide direct access to radio hardware to end users. 

Going back to the internal telephony API of the 
com.android.internal.telephony package that platform 
applications such as Phone use, you will find that the most 
important methods are in the Phone and SimCard interfaces 
as well as the Call and Connection abstract classes. The source 
code below shows some of the most important methods. 

The Phone interface has methods that are used to place, 
accept or reject a call: 


public interface Phone { 
Connection dial(String dialString) throws CallStateException; 
void acceptCall() throws CallStateException; 
void rejectCall() throws CallStateException; 
void setMute(boolean muted) ; 


void startDtmf(char c); 
void sendDtmf (char c); 
void stopDtmf(); 


A Call object is created when you answer a call, and 
the Call class methods implement call-related functionality 
allowing you to, among other things, hang up: 


public abstract class Call { 
public abstract void hangup() throws CallStateException; 
public boolean isRinging() 
public abstract boolean isIncoming(); 


The Connection class is related to the Call class shown 
above. A Call can have a number of associated Connection 
classes accessible via the getConnections() method, while the 
Connection class has a reference to the corresponding Call, 
returned by the getCall() method). To be honest, | didn’t 
manage to understand from the Android source code when 
and why there would be multiple connections in one call. 
Some telephony routines work with the Call class—for 
instance, those used to answer the call. Others work with the 
Connection class—for instance, it is returned by the dial() 
method of the Phone class. As you can see from the list of 
important Connection methods, their functionality is similar: 


public abstract class Connection { 
public abstract void hangup() throws CallStateException; 
public boolean isRinging() 
public abstract boolean isIncoming(); 


Finally, the SimCard interface provides an access to a SIM 
card via methods that allow users to supply a PIN (Personal 
Identification Number) and a PUK (Personal Unblocking Key), 
which is used to unblock the PIN: 


public interface SimCard { 
void supplyPin(String pin, Message onComplete) ; 
void supplyPuk(String puk, String newPin, Message onComplete) ; 
void supplyPin2(String pin2, Message onComplete) ; 
void supplyPuk2(String puk2, String newPin2, Message onComplete) ; 
State getState(); 


The SIM state, returned by the getState() method, can be 
either ready, PIN/PUK required or network locked. 

If you are interested in the Phone interface implementa- 
tion, you should check the PhoneBase class that implements 
some of its methods. The rest, which are RAT-dependent, 
can be found in GSMPhone, which extends the PhoneBase 
class and is part of the com.android.internal.telephony.gsm 
package. The SimCard interface and the GsmSimCard class, 
as well as Call and GSMCall, follow the same approach. GSM 
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currently is the only RAT supported by the Android platform, 
but Qualcomm has announced that it is working on CDMA2000 
support. More technologies, such as LTE (Long Term Evolution), 
may be supported in the future. 

Another important class is Telephonylintents, which defines 
intents—that is, events (in Android parlance) that the telephony 
framework can produce: 


m ACTION_SERVICE_STATE_CHANGED: the phone service 
state has changed. 


@ ACTION_SIGNAL_STRENGTH_CHANGED: the phone's signal 
strength has changed. 


m ACTION_ANY_DATA_CONNECTION_STATE_CHANGED: 
the data connection state has changed for any one of the 
phone’s mobile data connections. 


m ACTION_DATA_CONNECTION_FAILED: an attempt to establish 
a data connection has failed. 


m ACTION_SIM_STATE_CHANGED: the SIM card state 
has changed. 


The Phone application (in the PhoneUtils class of the 
com.android.phone package) uses these methods to place 
or answer a call in the following way: 


public class PhoneUtils { 
static boolean answerCall(Phone phone) { 


Call call = phone.getRingingCall(); 
phone. acceptCall(); 


} 
static int placeCall(Phone phone, String number, Uri contactRef) { 


Connection cn = phone.dial(number) ; 


The above code sample demonstrates only the most basic 
telephony functionality; however, along with the API outlined 
above, it should give you a good starting point for writing 
Android telephony applications. If you decide to do so, you 
probably won't be able to avoid having to dig in to the Android 
sources for more details. | hope having a bit more of an in-depth 
understanding of how cellular telephony works under the hood 
of the high-level Java API will help you in this endeavour. 

Note that this article is based on the Android 1.1 SDK r1 and 
the Android main git branch snapshot taken on March 24, 2009. 
Because Android is being developed constantly, some of the APIs 
mentioned in this article may have changed since that date. 


LiMo Foundation 


The LiMo Foundation is an industry consortium that defines an 
open, Linux-based software platform for mobile phones. So 
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far, this sounds very much like Google Android, but when you 
look closer, you discover many important differences. First, 
LiMo is a consortium of many companies, while Android is 
a pure Google affair. Among LiMo’s members are cellular 
operators, mobile phone manufacturers, semiconductor 
companies and software vendors—pretty much the whole 
mobile industry. Member companies include NEC, NTT 
DOCOMO, Samsung, Vodafone, Motorola and many other 
large telecom companies. 

Google and the Android Open Handset Alliance (OHA), 
on the other hand, are newcomers in this market, and they 
will have to persuade handset manufacturers to adopt their 
platform, which, in some cases, means ditching their own 
platform in favor of another one. The LiMo Foundation was 
created long before OHA, which explains why there are 
dozens of LiMo-based phones on the market, compared 
with only two Android ones. Note, however, that the OHA 
members list is impressive as well, and it continues to grow; 
many companies are members of both LiMo and OHA. 

Another important difference is that the LiMo Foundation 
does not provide an SDK. As a consortium, it is responsible for 
specifications only, and it defines a very clear and comprehensive 
specification of all the components of the LiMo platform, 
including a full telephony API both for applications and cellular 
modem vendors, which is once again something that Google 
Android lacks. The API was defined by companies having 
significant experience in this field, and it is not surprising that it 
includes all the telephony features one would expect, such as 
support for dialing/call answering, SMS, network selection, SIM 
access and more. It is up to LiMo’s member software companies 
to produce LiMo-compliant SDKs. None are available at the time 


Communication Processor 


Figure 3. LiMo Architecture Block Diagram 


of this writing, but a few companies made announcements 
during MWC09 (Mobile World Congress), and we should expect 
the first versions some time during 2009. 

The LiMo platform architecture shown in Figure 3 consists 
of an application manager and User Interface (UI) frameworks, 
and middleware running on top of the Linux kernel which 
provides access to all hardware peripherals, including cellular 
modem and device drivers. 

Contrary to Android, applications are written in C/C++ 
instead of Java, and the UI is based on GTK+. The LiMo plat- 
form provides applications with all the services that one would 
expect from a mobile phone software stack, such as UI, application 
management, telephony, networking and messaging, IPC, 
multimedia, database, security and more. 

For more details about the LiMo architecture and API, 
check the relevant whitepapers on the LiMo Web site. 

Even though LiMo currently dominates the Linux-based 
phone market, Google Android has created a huge momentum 
that may change this situation. It also is possible that, in 
the end, each software stack will be used in its own niche: 
Android in the high-end smartphones and LiMo in more 
conventional devices. 


Alexander (Sasha) Sirotkin has more than ten years’ experience in software, operating systems 
and networking. He currently works on the LTE (Long Term Evolution) Project at Comsys Mobile 
and lives with his wife and kid in Tel-Aviv, Israel. Alexander can be reached via e-mail at 
sasha.sirotkin [AT] gmail.com. 
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guide/basics/what-is-android.html 


An Introduction to Android: sites.google.com/site/io/ 
an-introduction-to-android 


Anatomy and Physiology of an Android: sites.google.com/ 
site/io/anatomy--physiology-of-an-android 


Inside the Android Application Framework: sites.google.com/ 
site/io/inside-the-android-application-framework 


Android SDK: developer.android.com/sdk/1.1_r1/ 
index.html 


Android Source: source.android.com/download 
Open Handset Alliance: www.openhandsetalliance.com 
LiMo Foundation: www.limofoundation.org 


LiMo API: www.limofoundation.org/en/ 
technical-documents.html 


3GPP Standards: www.3gpp.org 


GSM AT Commands: www.3gpp.org/ftp/Specs/ 
html-info/27007.htm 
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HACKING 


Your Portable 
Linux Server 


TURN A WESTERN DIGITAL MYBOOK Il INTO A 
PERSONALIZED, PORTABLE LINUX SERVER. 


n the past few months, a small community has been budding around the Western 
Digital MyBook II, a popular paperback-sized external hard drive. It quickly was 
discovered that the Ethernet-capable version was powered by an embedded Linux 
system, and a word-of-Web process started to break its security to gain SSH 
access, install additional services, tune functionality and more. It resembles the 
phenomenon spawned by the hacking-friendly Linksys WRT54G, albeit on a smaller scale. 

Thrilled by what | was seeing, | started to consider building a small appliance of my 
own, and Western Digital’s sudden revamping of its product line brought the eBay prices 
of older models below the $100 mark, which converged nicely with my manager’s request 
for a daily backup scheme enabling downtimes of less than a day should the worst 
happen to my laptop. 

So, off | went, intent on hacking out my own Linux-based NAS. | acquired two units: 
the smaller, single-drive 500GB model (less than $100 on eBay at the time of this writing) 
and a larger, RAID-capable, twin-drive model spanning one terabyte ($300 for a used unit). 
Given the ever-falling prices of hardware and the expanding product offering, you should 
be able to purchase these at lower prices or with larger capacities. It also is worth noting 
that nothing prevents carefully opening up the device’s innards and replacing the enclosed 
SATA drives with larger-capacity ones. One final bit of shopping advice: the drives 
addressed in this article are Ethernet-capable World Edition models, all of which have 
entirely white cases. 


FEDERICO LUCIFREDI 
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THE 


Upon first inspection, the device resembles a small book, with 
a perforated, Morse-code patterned edge that enables vent- 
ing—if you actually decode the message, you will find a few 
words and a couple typos in it. The unit is rather silent and 
generates no more noise than the average hard drive. The 
front of the device sports two concentric LED rings, circling a 
single button used to power on and off the device. In addition 
to showing the on/off state of the device, the LEDs also are 
used to visualize disk activity as well as to provide a stylish disk 
capacity gauge (Figure 1). 


A 


Figure 1. The Single-Drive Device Lurking on the Author's Desk 


On the inside are one or two 500GB 7,200 RPM SATA 
drives and a small board housing an Oxford Semiconductor 
OXE800 ARM CPU with an ARM926EJ-S core, a 32MB Hynix 
RAM chip and the Via Cicada Simpliphy vt6122 Gigabit 
Ethernet chipset. The device also includes an externally accessi- 
ble USB port to supplement the RJ-45 Ethernet connector, and 
it supports AES-128 encryption in-hardware. Despite its limited 
RAM capacity, Linux's conservative use of resources puts little 
bounds on the uses the device reasonably can be put to by 
your creativity. Do not plan to saturate the Gigabit Ethernet 
link, however, because the CPU will not carry you much 
beyond 5MB/sec—a limitation that does not affect single- 
user backup or applications involving several users. 

The drives are ext-3 formatted in the World Edition series, 
as NAS access shields the predominant Windows and 
Macintosh user population from the actual filesystem choice— 
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a detail that is exceedingly convenient, as it allows you to pull 
drives from the device and mount them in any Linux host for 
recovery should the support board ever fail. 


FIRST PACKETS 

Initially, you need to boot in the “World of Warcraft” partition 
of your system—the one running one of those proprietary 
operating systems—and install the Western Digital MioNet 
Access tools. You will need these only for the initial step—to 
find out what IP address your as-of-yet uncommunicative 
device has received from DHCP; you will not need the WD 
tools afterward. If you have a network sniffer set up, it may 
be faster for you simply to catch the DHCP assignment as it 
happens and save the time of registration and download. You 
also can check your DHCP server tables, if you have access to 
them, or simply read the data off the mounted Windows share 
that will be set up once you install the tools. Either way, once 
you are in possession of the IP address the device is using, you 
will point a Web browser to it and configure the settings that 
the Web interface exposes. You will be asked to provide 
authentication, which will match the credentials you created 
during the WD setup process, or, if you used a more exotic 
process, it will use the system defaults (“admin”, with a 
password of “123456"). 

The device's built-in WD Shared Storage Manager (Figure 2) 
is a very lightweight and useful application, which you will 
leave enabled, even in this Linux-centric setup, as a convenient 
way to create users and carry out the most common configu- 
ration tasks. | recommend you take the time to configure most 
settings exposed here as part of your initial customization, as 
the convenience simply cannot be outdone. At a minimum, 
you should iterate over the General Setup section and config- 
ure your device name and workgroup (these configure Samba), 
date and time, and review your network settings. As preparation 
for the next step, you need to create a user (File Sharing—User 
Management) that you will use to log in at the console, as 
access via your existing Web administrator account will not 
be permitted. 


Shared Storage Manager | stir 
‘Shared Storage Configuration Drive Stans: OK 
anguage | WD 5 
% Home Generat Setup File Sharing | Orve Management 
@ File Sharing 
System Summary 
Current Shared Folder Settings 
Share Name = 
PUBLIC Inter! coved 
eas Seca: 1.014.000 
User Menagemient vans Sonce 191440072 
Pementage Fae OPK 
Add a Shared Folder Network 
Rename a Shared Folder Pee eee 
Seved: $2008 
Remove a Shared Folder Advan WARE.AI0.AS 
Dotnet Gatemay, v04.98.121.244 
Update Security Settings wes WOUTH PARK 


Figure 2. The built-in Web interface provides easy access to basic 
Samba configuration. 


One more change you should consider at this point is 


whether to set up RAID. The device supports two modes of 
operation: data striping (RAID 0), which has performance 
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advantages and offers the total capacity of both drives com- 
bined, and data mirroring (RAID 1), which provides the storage 
capacity of only one of the drives but protects you by creating 
two fully redundant copies of your data. The default setting 
(Drive Management->Change Drive Type) is data striping— 
should you want to change it, this is the time to do it. Once a 
RAID rebuild is started, all data on the shared, nonsystem part 
of the drive will be lost. More important, although the drive 
shares will become writable in a few minutes while the rebuild 
is still underway, wait until it has completed entirely as you will 
need to tinker with the device's firmware upgrade path next 
(and triggering reboots while the RAID array is rebuilding is a 
surefire way to tempt fate into bricking your device). Just let it 
run overnight and come back to it the next morning. You can 
see whether the rebuild has completed by checking the drive 
status in the Shared Storage Manager; it will switch back from 
synchronizing to OK. 


VOIDING WARRANTIES 

To start unlocking the multifaceted abilities of this wonderful 
device, you first need to obtain console access. To be clear, this 
voids the device's warranty, as Western Digital obviously is not in 
the business of supporting Linux servers in all their possible con- 
figurations and software options, and that kind of flexibility is pre- 
cisely what we are after. Bear in mind that although these steps 
were researched and verified conscientiously, the author and Linux 
Journal accept no liability for rendering your device inoperable as 
a result of these instructions—proceed at your own risk. 

The WD Hacking community was spawned by Martin 
Hinner's creation of a backdoor process that uses the drive's 
built-in firmware update process to reset the device's root 
password, spawn the SSH daemon and generate the SSH host 
keys. Just like everyone else, let’s head to Martin’s Web page 
(see Resources) and follow the instructions found there. In 
effect, all you have to do is navigate to a URL on your device. 
The URL includes a GET parameter for the upgrade script to 
run. The parameter references a script on Martin's site, but this 
script, rather than performing an upgrade, generates SSH 
keys, clears the root password and starts the SSH dzemon. 

Once the “upgrade” is initiated, you will not receive feed- 
back on the Web page that it has completed, and you proba- 
bly should not do anything to your device in this interval, lest 
you rouse those bricking fairies. Simply wait three minutes, 
then start attempting to log in via SSH with the user (not 
administrator and not root) account you created earlier in 
the Shared Storage Manager. As soon as you see the SSH 
demon respond with a login prompt, you will know the 
break-in succeeded. If you set up your user account correctly, 
you will be able to log in. If you are having trouble logging 
in, take care that your user name is spelled in CAPS (ssh 
USER@ipaddress), as you will note that the user management 
Web interface creates all accounts in that fashion. One more 
troubleshooting tip: the latest firmware revisions actually 
output a message that the update has failed, although the 
SSH daemon has, in fact, been spawned successfully and is 
ready for your connection. 

Once successfully logged in to your device, you can esca- 
late your privileges by switching user to root (su -) as the 
superuser password is now blank. You will need to carry out a 
few tasks—the first one of which is adding the SSH daemon to 


the default startup list to ensure that your newly gained access 
lasts past your next reboot. Head to /etc/inittab, and add the 
following after the system startup section: 


# Start a few good daemons 
:isysinit:/usr/sbin/sshd 


After making your changes, make sure they have been 
written to disk by doing a “sync”, and fix a few details of your 
user account, such as granting yourself a home directory and 
possibly a lowercase user name. Do all your /etc/passwd and 
/etc/shadow housekeeping before rebooting to verify that the 
SSH daemon is now spawning by default and that your user 
accounts are working as intended. 


ND TOUR 

You're past the most difficult point; now you can proceed to 
explore the system and tweak it to your heart's content. Unless 
you plan to use the MioNet service, some recommend switch- 
ing its daemon off, as it is a Java process that weighs on both 
CPU and RAM. As the MioNet service enables wide-area file 
sharing, | elected to turn off the service, but to do so cleanly, 
in case | decided | needed the functionality after all. Edit 
/etc/init.d/post_network_start.sh, and comment out line 17 
of the script: 


$SCRIPTS_PATH/crond.sh start 
# $SCRIPTS_PATH/mionet.sh start 
touch $POST_NETWORK_STARTED FILE 


This stops the daemon from being spawned automatically 
at boot, but if you need its services, you can start it up from 
the Shared Storage Manager interface (General Setup—>WD 
Anywhere Access) as needed, giving you the best of both worlds. 

The system is built around a 2.6.17.14 kernel, with 
BusyBox centralizing many of the command-line tools. There 
are no man pages, but the system is an otherwise reasonable 
minimal Linux instance, including the majority of the common 
management levers (ps, top, free, ifconfig, wget and so on) 
as well as a development toolchain with all the trimmings 
(gcc 3.4.2, gmake and so on), enabling you to build any 
software that may be missing. The mounts show a good 
picture of the device: 


# df -h 

Filesystem Size Used Avail Use% Mounted on 
rootfs 2.8G 277M 2.4G 11% / 

/dev/root 2.86 277M 2:4G 11%. 7 

/dev/md3 950M 19M 884M 3% /var 

/dev/md4 455G 199M 455G 1% /shares/internal 


It also is worth mentioning that on the dual-drive unit, 
the system partitions are mirrored by default, regardless of 
the RAID state of the share space: 


# cat /proc/mdstat 

Personalities : [linear] [raid1] 

mdl : active raid1 sdb1[1] sdal[0] 
2939776 blocks [2/2] [UU] 


GS-Lo8 Fanless Pico-ITX System 
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md2 : active raid1l sdb2[1] sda2[0] 
104320 blocks [2/2] [UU] 


md3 : active raid1l sdb3[1] sda3[0] 
987904 blocks [2/2] [UU] 


md4 : active linear sdb4[1] sda4[0] 
1945407104 blocks 64k rounding 


unused devices: <none> 


Another important detail is the behavior of the power but- 
ton: regulated by a small demon also controlling the LEDs, it 
will bring the device down performing a proper reboot if 
pressed for two seconds, or it will cause a soft shutdown if 
held for four seconds—train yourself to recognize the light 
schemes by looking at the device when you issue software 
reboots (the device has a hard reset button on the back were 
it to become seriously wedged). Besides looking wicked cool, 
the LED rings visualize both disk activity and available disk 
space, as well as RAID failures, joining form and function. 


NETWORK AND DISCOVERY 

If you followed my advice to set the device name and work- 
group earlier, your hostname is taken care of already. The 
device boots in DHCP mode by default, which can be altered 
easily for those who want a tiny, power-conscious but rather 
homebound server at their disposal. | find the greatest promise 
of the WDMBII in its easy mobility, however, and that poses 
the question of how to recognize its location quickly in a new 
setting—nothing that a good bit of scripting cannot fix. 


Besides looking wicked cool, 
the LED rings visualize both 
disk activity and available disk 
space, as well as RAID failures, 
joining form and function. 


The first approach to this is to have the device notify you 
of its IP address as it boots. | personally leverage instant 
messaging for these sorts of system notifications and have an 
“automation” group in my contact list featuring several borg- 
looking avatars that are authorized to send me all manner of 
alerts when the situation warrants. The key to this script is the 
SendXMPP tool (see Resources), which provides the ability to 
send instant messages with ease from the console. SendXMPP 
carries a few Perl module dependencies that you need to 
download from the CPAN archive and build. Retrieve the 
tarfiles via wget, extract and follow the customary perl 
Makefile.PL; make; make install procedure as root—the 
CPAN shell does not seem to work in the strict RAM confines 
of the WDMBII. After building two or three modules, you 
will be able to include the following one-line wizardry in 
/etc/init.d/post_network_start.sh (line 20): 


# $SCRIPTS_PATH/mionet.sh start 
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touch $POST_NETWORK_STARTED_FILE 


# Announce IP address of operation to admin 
OUT=ifconfig | grep -A2 "etho"’; \ 
echo -e "(lLander) now operational: \n$OUT" \ 
| /usr/local/bin/sendxmpp -r lander-notifier \ 
-f /root/.sendxmpprc lucifred@jabber.org 
bi 


The script parses the current network configuration and 
sends it with appropriate text wrapping and an XMPP 
resource (-r) describing the device to one of my notification 
accounts. The user ID and password are retrieved from 
/root/.sendxmpprec (-f). Once the script is installed, the device 
will notify me of its IP address at every bootup in any network 
where DHCP is enabled and access to the Jabber server in 
question has not been restricted. The result message is very 
effective in allowing me to locate the device and possibly even 
troubleshoot occasional connectivity glitches: 


(lander) now operational: 
ethod Link encap:Ethernet 
HWaddr 00:90:A9:15:DD:73 
inet addr:164.99.120.96 
Bcast:164.99.121.255 
Mask:255.255.254.0 
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
This approach will serve most road warriors willing to put 
up with connecting to IP addresses. But, power users control- 
ling their own domains can do even better. By setting up a 
dynamic DNS subdomain, one can enable the device to update 
at boot a fully qualified domain name, valid to the Internet at 
large. The intricacies of DNS zone configuration are beyond 
the scope of this article, but the Perl script to leverage a 
properly configured domain remains relatively simple: 


# Variables to configure the script's operation 


my $hostname = '‘ooga'; # Device hostname 

my $domain = 'dynamic.booga.org.'; # Domain name 

my $nameserver = 'nsl.booga.org'; # Primary nameserver 
# for your zone 

my $keyname = 'md5key'; # Name of the key 

my $key = 'se64bAsE64BASE64BasE64=='; # HMAC-MD5 TSIG key 

my $interface = 'ethQ'; # Interface whose IP 
# is to be published 


Refer to the Resources section of this article for a reference 
to the Web page where the author maintains the script. This 
more extensive solution makes our briefcase-friendly, quick- 
booting mini-server a full-fledged participant in the Internet. 


ADDING SERVICES 

The most obvious workload for our portable server is file- 
centric: well equipped with SMB support from Samba and NFS 
support built in to the kernel, as well as the lighttpd Web 
server and the rsync client, the system is ready to shine in this 
space. Enterprising users have built HOWTOs describing how 
to expand further the array of services to FIP and even 
BitTorrent, but | should not forget to mention that the system 


has a healthy complement of essential daemons: ntp, cron and 
even Apple's mDNS are at your disposal out of the box. 

The built-in toolchain enables the compilation of packages 
natively, but cross-compilation also is a possibility for jobs 
requiring more RAM than the device has available. It is, 
however, possible to find prebuilt packages for a number of 
services, as the device shares the ARM core of many others, 
its closest cousin being the Gumstix micro-board (check the 
many Gumstix sites for suitable binaries before starting a 
large cross-compiled build). 


CONCLUSION 

The WD Mybook II World Edition is clearly a device warranting 
the attention of hardware hackers looking for a small, cheap, 
low-power platform on which to build their projects. Western 
Digital's wisdom in not stripping the system portion of the 
device should be recognized in that it has provided us with a 
wonderful target for our tinkering. Although sporting only 98 
BogoMIPS, its hardware has unusual capabilities (hardware 
AES encryption and native support for Java bytecode among 
them) that provide further application levers for our appli- 
ance-building projects. | introduced here the hardware, its 
capabilities, how to breach its security and how to enable 
it with top-class network configuration at bootup on 
nearly any network. | hope you, the reader, will follow me 
and others in this exploration of what our imaginations 
can make of this small hardware wonder.™ 


Federico Lucifredi is the maintainer of “man” as well as the Systems Management Product 
Manager for the OpenSUSE and SUSE Linux Enterprise product lines at Novell. He loves to tinker 
with old hardware and build contraptions that puzzle his colleagues. 
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Enabling SSH Access on MyBook World Edition, by Martin 
Hinner: martin.hinner.info/mybook/sshaccess.php 


How to Set Up My Book World Edition II, by Paul Henman: 
henman.livejournal.com/1161953.html 


SendXMPP: sendxmpp.platon.sk 


CPAN (Comprehensive Perl Archive Network): 
Wwww.cpan.org 


Daemon-less Wide-Area DNS Update, by Federico Lucifredi: 
primates.ximian.com/~flucifredi/dns-update.html 


Using SSH and FTP on Western Digital MyBook Word, 
by Edouard Briere: www.nanalegumene.net/ 
using-ssh-and-ftp-on-western-digital-mybook-world 


BiTtorrent on Mybook World: done, by Edouard Briere: 
www.nanalegumene.net/ 
bittorrent-on-mybook-world-done 


Binaries for Gumstix Board: www.nslu2-linux.org/wiki/ 
Optware/Gumstix 
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onkeror is a Web browser with an Emacs-style look, 
feel and configuration. It uses Firefox's HTML render- 
ing engine and works with most Firefox extensions, 
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browser for Netbooks with their imprecise touchpads and small 
screens. Conkeror uses the same free software license as Firefox. 


Home Topics Commanity Resources Forums Shop Magazine 


Subscribe now 


Subscribe Renew Free isuae Customer service 


At the Forge - OpenID 


luction to OpeniD, an open-source, 
single sign-on solution for intemet 


3 comment(s) 


Hoday Cheer, Hobday Season's Greetings 
Uneheer Part 1 ‘hiass Mader 


HOW-1Os 


Convert SpreadSheets to CSV files 
with Python and pyuno 


Breaking News 


Apple to Let Tunes on S24" 
the Leash 


SourceLabs Opens Up 


‘ 5) 
httpy/www.linuxjournal.com/ 15:25 (0. 100) 


Done 


Figure 1. Conkeror Web Browser 


Installing Conkeror 

Users of Debian Lenny, Debian Sid and Ubuntu Jaunty should 
install the conkeror and conkeror-spawn-process-helper pack- 
ages. Users of other distributions should install the XULRunner 
package (xulruner-1.9 or xulrunner). If you installed the Firefox 
package, that package installed XULRunner for you. After 
you install XULRunner, download a Conkeror snapshot and 
unpack it into your usual software directory—you don't need 
to compile anything. See Resources for a link to the Conkeror 
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snapshot download. 

To put the Conkeror launcher in one of your regular 
executable directories so that you can start Conkeror from 
a command prompt or application launcher, create a 
symbolic link from the conkeror/contrib/run-conkeror file 
to one of your usual executable directories. For example: 


$ ln -s /usr/local/share/lLib/conkeror/contrib/run-conkeror \ 
/usr/local/bin/conkeror. 


lf your distribution doesn’t include Firefox, download 
XULRunner from Mozilla and unpack it into your usual 
software directory. Then, download a Conkeror snapshot 
and unpack it also into your usual software directory. See 
Resources for links to the downloads. 

You must perform an extra step to make the Conkeror 
launcher work. First, copy the xulrunner-stub file from the 
XULRunner directory into the Conkeror directory. Then, create 
a symbolic link from that file to one of your usual executable 
directories. For example: 


$ cp /usr/local/share/lib/xulrunner-1.9/xulrunner-stub \ 
/usr/local/share/lib/conkeror/xulrunner-stub 
$ In -s /usr/local/share/lib/conkeror/xulrunner-stub \ 
/usr/local/bin/conkeror. 


Browsing the Web with Conkeror 

You don’t need to configure Conkeror to get started; simply 
start the conkeror executable you installed. Conkeror’s start 
page lists which keys perform which actions (keybindings). 
The first keybinding listed, g, goes to the URL you specify. For 
example, load the Linux Journal home page by pressing g and 


typing Linuxjournal.com. Follow links by clicking them, as 
you would do in Firefox, and press B to return to previous 
pages or F to advance to later pages. 

Return to the basic list of keybindings on the start page by 
pressing, C-h i. In Conkeror and Emacs, C- stands for, “hold 
Ctrl and press the next key”. For example, C-h i stands for 
“hold Ctrl, press h, release Ctrl and h, and press i”. Conkeror 
uses other Emacs keybinding abbreviations also: M- means 
hold the Meta key (the Alt key on PC keyboards and the 
Option key on Macintosh keyboards); S- means hold the Shift 
key. For a complete list of Conkeror keybindings, press C-h b. 

Although you can follow links by clicking them, you should 
learn to follow them using the keyboard to get the most 
out of Conkeror. To follow a link with the keyboard, press f. 
Conkeror places a small number next to each link (Figure 2), 
including link images. Enter a number to follow its link or 
type letters from the name of the link you want. As you 
type letters, Conkeror removes the numbers from links that 
don’t match those letters and renumbers the remaining 
links. Even on a slow computer, this happens instantly. If 
only one link matches the letters you entered, Conkeror 
automatically follows it. 


Subscribe now 
‘At the Forge - OpenID 
i ee 
An Introduction to OpeniD, an open-source, 
distributed, single sign-on solution for intemet OpenID 
applications. 
Fiead more » 
Beomment(s) 
HOW-1Os Breaking News 
invert SpreadSheets to C3V files 22 hours 
Bitch Frazier ago 
ONTOS, CoureeLabs!Opens Up © *° n| 
trina 1 asnas 
|e Sf 5) 
http:/wwilinuxjournal.com/ 15:26 (0. 100) 
Follow (select link): 


Figure 2. Following Links in Conkeror 


For example, let's assume the three link names: foo, bar 
and baz. Typing f and 3 follows the third link, baz. Typing f 
and baz also follows the baz link. Typing f and b removes 
the number next to foo, so that you can press 1 to select 
bar or 2 to select baz. 

As in Firefox, you can start a search within Conkeror. 
Press g, type “google”, type your search term, and press 
Return to go to the Google result for your search term. 
Replace “google” with “lucky” to go straight to the first 
Google result, or replace it with any of the following words 
to use another search engine: “wikipedia” “sourceforge” or 
“dictionary”. When you search Google, Conkeror asks Google 
to guess what you're searching for and displays the best 
matching results in a list. Press Tab to select the top result, 
use the keyboard arrow keys to select an alternative result, 
or simply finish typing your search terms and press Enter. 
This also works for Wikipedia searches. 


Using Conkeror’s Buffers 

Firefox uses tabs to keep separate Web pages in the same 
browser; Conkeror uses buffers to do the same thing. To open 
a link in a new buffer, press C-u f and select the link using the 


link-following instructions above. For example, say you're back 
on the page with the foo, bar and baz links. To open baz in a 
new window, press C-u f and type baz. Press C-u before any 
command that opens a Web page to load that page in a new 
buffer. For example, C-u g goes to a URL or loads a search 
result page in a new buffer, and C-u C-h i loads the start 
page in a new buffer. Also, links that try to open a new 
window will be opened in a new buffer. 

Return to the previous buffer by pressing M-p (Alt-p on 
PCs and Option-p on Macs); advance to the next buffer by 
pressing M-n. Press C-x b to display a list of open buffers 
(Figure 3). Each buffer in the list has a name—its URL plus its 
title. Select a buffer name from the list using the keyboard 
arrow keys or narrow the list by typing part of a buffer’s 
name. Press Enter at any time to show the selected buffer. 
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Figure 3. The Buffer List 


Close a buffer—in Conkeror’s terminology, kill a buffer—by 
pressing C-x k to display the list of buffers. Select a buffer the 
same way you did above, and press Enter to kill it. Conkeror 
selects the current buffer by default, so you can kill it quickly 
by pressing C-x k <Enter>. When you close the last buffer, 
Conkeror exits. Close Conkeror and all its buffers automatically 
by pressing C-x C-c. 


Some Other Keybindings 

Power users of any Web browser often edit the URL to go to a 
different part of the Web site they're visiting. Press C-x C-v 
to edit the current URL in Conkeror. Combine this with C-u 
to open the modified URL in a new buffer: C-u C-x C-v. 

Bookmarking a URL in Conkeror lets you return to it using 
Tab completion when you change URLs. Press b to bookmark 
the current URL, choose a name for the bookmark (Conkeror 
fills in the page title by default), and press Enter. Press g to go 
to a new URL, type in a few letters from either the bookmark 
title or the bookmark URL, and press Tab. Conkeror shows 
you a list of bookmarks that match the letters you typed; 
use the keyboard arrow keys to select a bookmark and press 
Enter to go to it. 

Sometimes when you try bookmarking a page, Conkeror 
asks you to choose a frame. It places a number next to each 
frame on the page and lets you choose a frame by entering 
its number. If you want to bookmark the URL containing all 
the frames, enter the number 0. 

Access all of Conkeror’s commands—even those that aren’‘t 
bound to a keybinding—by pressing M-x, typing the command 


www.linuxjournal.com july 2009 | 73 


FEATURE The Conkeror Web Browser 


name and pressing Enter. Press Tab to complete any command 
name; for example, press M-x, type print, and press Tab to 
make Conkeror select the print-buffer command. If you press 
M-x and Tab without typing anything, Conkeror lists all of its 
commands. | suggest you review this list to get an idea of 
everything Conkeror can do. 


Conkeror’s Modes 

Conkeror includes special scripts, called modes, that change 
its behavior on specific sites—for example, the simple XKCD 
mode for the xkcd.com comic-strip site. When you visit 
xkcd.com in Firefox, it displays the comic's title when you 
move your mouse over the image. When you visit xkcd.com in 
Conkeror, it activates XKCD mode (Figure 4) and displays the 
title below the image in a special font—you don’t need to 
move your mouse over the image. 
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Figure 4. XKCD Mode in Action 


The Gmail mode redefines many of Conkeror’s default key- 
bindings so that you can use the default Gmail keybindings. 
Other modes include a Google Maps mode, a Reddit mode 
and a YouTube mode. 

When you visit a site that has a mode, for example Google 
Maps, Conkeror loads that site’s mode. When you leave the 
site, Conkeror automatically unloads the mode. You can try 
using modes on other sites by loading the mode’s command 
through the M-x menu. For example: M-x xkcd-mode. 
However, most modes don’t make sense on alternative sites. 


Advanced Configuration, Advanced Features 
Firefox has a pretty Preferences configuration screen. Conkeror 
doesn’t. But, you can change any browser setting in Conkeror 
on the about:config page. Press g, type about: config, and 
press Enter to go to the page and double-click the settings you 
want to change. Conkeror shows changed settings in bold. 
Use the search bar that appears on the top of the page to find 
specific settings quickly. For example, enter proxy to find all 
the proxy settings. 

Although you can find and change settings easily in 
about:config, some users prefer a dynamic Emacs-style config- 
uration file. This file can change about:config settings, define 
keybindings, add new commands, load external modules and 
define events using JavaScript. You can turn any file into a 
Conkeror configuration file, but the file must exist before you 
try using it. For example, add the following line to the file 
.conkeror.rc to prevent Conkeror from displaying a warning 


74 | july 2009 www.linuxjournal.com 


message before showing the about:config page: 
user_pref("general.warnOnAboutConfig", false); 


After creating the configuration file, you must tell 
Conkeror where to find it. Go to the Conkeror start page 
by pressing C-h i, scroll to the Conkeror RC File section, 
and enter the full pathname of the configuration file in 
the text box. For example, | entered the following text: 
/home/harding/.conkeror.rc. Press the Set RC File button. 
You need to do this only once. 

Just below the Set RC File button, Conkeror lists several 
example directives for you to put in your configuration file. For 
instance, one line tells Conkeror how to use a custom search 
engine when you press g. You also can add new commands 
and new keybindings to Conkeror. For more examples, follow 
the Conkeror Wiki link in the Resources section of this article. 

The next section tells you how to use Firefox extensions in 
Conkeror, but some Firefox extensions don’t want to work 
with a browser that isn't named Firefox. Most Firefox 
extensions work in Conkeror if you tell the extension 
you're really using Firefox. | suggest you put the following 
line in your configuration file to make Conkeror ignore 
compatibility problems: 


user_pref("extensions.checkCompatibility", false); 


Using Firefox Extensions in Conkeror 

Most Firefox extensions work in Conkeror, but if youre used 
to Firefox extensions, installing an extension in Conkeror may 
feel like a step backward. First, find the extension on the 
Mozilla Web site (or another Web site), and download it to 
your computer. (Firefox extension filenames end in .xpi.) Then, 
press M-x, type extensions, and press Enter to start the 
extension manager. Choose the Extensions tab, click the Install 
button, use the file navigator to select the file you downloaded, 
and click Open. As in Firefox, you must restart Conkeror to 
load the extension. 


Using an External Editor 

Conkeror lets you edit HTML text boxes in an external text edi- 
tor—for example, Emacs (Figure 5). Conkeror copies the text 
box's contents to a temporary file, opens your text editor on 
the file and reads the changed file back into the text box 
when you close your editor. To use this feature, you must compile 
Conkeror’s small helper program, conkeror-spawn-helper. (If 
you used the instructions above to install the two Conkeror 
packages in Debian or Ubuntu, you may skip this paragraph.) 
Go to the Conkeror source directory you installed and run 
the following command: make. You don’t need to run 
make install, because make compiles the program in 
the directory Conkeror uses. 

Next, you need to tell Conkeror which text editor to use. 
Conkeror looks for the editor command in the $EDITOR 
environmental variable, but if $EDITOR isn’t set, Conkeror 
starts Emacs. Most distributions let you set the $EDITOR 
variable by adding the following line to your ~/.xsession 
and ~/.xinitre files: 


export EDITOR=my_editor 
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Figure 5. Editing a Wikipedia Article in Conkeror 


Replace my_editor above with the name of the editor 
you want to use—for example, for the graphical VIM editor, 
gvim; the GNOME editor, gedit; or the KDE editor, kate. 

If you want to use a console editor, prefix the environmen- 
tal variable’s value with the name of a terminal emulator— 
for example: 


export EDITOR="xterm -e vim" 


However, if you use external editors in other programs, you 
may not want to do everything in a graphical editor. To make 
Conkeror alone start a specific editor, add the following line to 
your Conkeror RC file and don’t set the $EDITOR variable: 
editor_shell_command = "my_editor"; 

After all that configuration, using the external editor 
should seem simple. Use the Tab key or the mouse to place 
the input cursor in a text box and press C-i. You can edit small 
boxes—for example, a box for your name—or large boxes— 
for example, the edit box in a Wikipedia article. Conkeror 
grays out the text box while you edit. When you finish editing 
by closing your text editor, Conkeror restores the original 
background color. 


Documentation 

The Conkeror start page links to its built-in tutorial, which you 
activate by pressing C-h t. The tutorial teaches you how to 
browse the Web with Conkeror. 

Similar to Emacs’ help, Conkeror's help can describe its 
own commands. The C-h f keybinding describes commands, 
and the C-h k keybinding describes keybindings. For example, 
to find out what the print-buffer command does, type C-h f 
and print-buffer. Conkeror will tell you that, “print-buffer is 
an interactive command in commands.js [to] print the currently 
loaded page.” Similarly, press C-h k and f, and Conkeror 
tells you “f is bound to the command follow in 
bindings/default/content-buffer/element.js.” 

For complex problems, Conkeror can help you search its 
wiki. Press g, and type conkerorwiki, and enter your search 
terms. Conkeror searches its wiki, which includes troubleshooting 
information and lots of ways to get the most out of Conkeror. 
Of course, you always can go directly to the Conkeror wiki 
using the link in Resources. 


Conclusion 

| hesitated before trying Conkeror the first time. As a longtime vi 
user, | wasn't interested in anything based on Emacs. But, | did 
need a Web browser that could make the most of my Netbook’s 
5"-tall screen and crummy touchpad. Conkeror fit the bill, and | 
tried it. It impressed me. Although Conkeror may seem complicat- 
ed in its sophistication, | soent most of my time going to pages, 
following links and editing text boxes—three things Conkeror 
makes easy and quick. After | slowly learned to use its other fea- 
tures, | found no reason | shouldn't enjoy the advantages of an 
advanced keyboard-driven Web browser on my desktop as well. 


David A. Harding lives in New Jersey and works as a freelance technology writer. He has a Linux 
Professional Institute system administration certification and can often be found organizing local 
GNU/Linux events. 


Resources 


Conkeror Home Page and Wiki: conkeror.org 


Download Conkeror Snapshot: repo.or.cz/w/ 
conkeror.git?a=snapshot;h=master;sf=tgz 


Download Mozilla XULRunner: releases.mozilla.org/ 
pub/mozilla.org/xulrunner/releases/1.9.0.1/runtimes 
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Operating System installed on Flash Disk. Apply power and 
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using the responsive integrated touch-screen. Everything works 
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Bug Labs: Hacks and Apps 


Use Bug Labs’ modular, open-source system for building devices and find out what 
you can do with a fully integrated device development platform. ALICIA GIBB 


You may have read about Bug Labs, the open-source modu- 
lar gadget company, in Mike Diehl’s article in the August 2008 
issue of Linux Journal (see Resources). We're back to tell you a 
bit more! In this article, | fill you in on some general information 
about BUG, including our latest news, and then provide some 
ideas about what you can do with BUG. 

BUG is a modular, open-source system for building devices. 
Four modules can be snapped into the BUGbase, which has 
an ARM 1136 MX31 embedded processor. BUG runs a 2.6.27 
version of the Linux kernel and a distribution customized from 
Poky Linux, which is derived from the OpenEmbedded distribution. 
OpenEmbedded is a distro specifically for embedded systems. 
It cross-compiles the JVM and other language runtimes. In 
addition, thousands of other packages (applications, libraries 
and so on) are available and can be compiled for BUG using 
the BitBake program. 

At BUG, open source doesn’t mean only source code, but 
also flexibility and the power to choose. As Mike Diehl wrote 
in his previous article, it’s easy to ssh into BUG. After logging 
in, you'll be at the BusyBox shell, and from there, you can 
get into the filesystem, install and run software, killal1l and 
more (though we don’t recommend that last one). 

We want users to be able to choose the language they 
prefer, the interface they favor and the modules that accom- 
plish their goals. The modules currently for sale are the 
BUGview (full-color touchscreen LCD), BUGmotion (motion 
sensor/accelerometer), BUGlocate (GPS), BUGsound (audio) 
and BUGvonHippel (our breakout board with serial, general 
/Os, 12C, SPI, DAC, ADC and more). BUGvonHippel was 
named after Dr Eric von Hippel of MIT for his contributions 
in the Open Source movement and his book called 
Democratizing Innovation. 


We want users to be able to 
choose the language they prefer, 
the interface they favor and the 
modules that accomplish their goals. 


Coming out in the next few months will be the BUGwifi 
(which also includes Bluetooth), BUGbee (802.15.4 protocol) 
and BUG3g GSM (3G), to be followed by the BUGprojector 
(pico) module. Additional specifications for our current 
modules are located on our Web site (see Resources). 

To connect all these modules and communicate with the 
kernel, we export I2C, SPI, UART, 12S, camera and display 
interfaces in our own BMI (Bug Module Interface) wrapper to 
make the device as flexible as possible. You then can put any 
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module into any slot (and yes, they’re hot-swappable), 
creating your own open-source gadget or prototyping 
platform, bottom-up style. 

BUGs are also flexible with what language you can use to 
code. We support Java, C, Python and Ruby on BUG, but you 
can write in any language you want, so let us know when 
you've got brainfork working. 

Although we encourage other languages, you also should 
be prepared to dig around for packages or write a few 
libraries. One of our developers recently wrote a tutorial on 
our Community Blog (see Resources) for building C/C++ 
programs on the BUG. This example uses a Python program 
called BitBake, along with build description files called 
recipes, to generate executable programs and other artifacts 
meant for a specific computer architecture. Recipes are the 
metadata about how a program is built and provide a way 
for all packages to be deployed consistently. Finally, this 
allows for the BitBake program to create an image containing 
the entire operating system. 

When installing new packages on BUG, you can use the 
ipkg program to install from BUG’‘s shell. Ipkg is analogous 
to yum or apt-get in other Linux distributions and provides 
a simple way of installing new software on BUG. We 
maintain a repository of programs for BUG on our Web 
site (see Resources). 

What else can you do with BUG? Technically speaking, 
you can do anything you want with a BUG; it’s a fully pro- 
grammable embedded computer. We realize that’s a little 
vague. Because BUG is open-source, imagine morphing 
any handheld device into your own open-source version 
running on Linux, allowing you more options than its 
closed-source counterpart. 

Another use is the ability to create hardware without 
having to solder or go through numerous manufacturing 
headaches. You can use the BUG as a prototyping system 
to create and re-create solutions to your problems. And, 
of course, you can create a new device that isn’t available 
from your local Best Buy or Radio Shack. 

Our apps page (see Resources) includes Java apps uploaded 
by our community and the Bug Labs team. Looking through 
the current applications is the best way to get an idea of what 
can be done with BUG. Although many of these apps are 
proof of concept, these examples show off some of BUG's 
possibilities. Finally, BUG has a growing community of users 
who have defined new BUG capabilities both within hardware 
and software. A handful of community members even have 
created their own modules, made with our schematics and 
CAD files found on our Resources and Documentation wiki 
(see Resources). 


Each module has a Hello World app as well as many proof- 
of-concept applications. These are useful for seeing what each 
module is capable of. For example, BUGmotion can store the 
data it gets from three different axes (X, Y and Z) and detect 
motion in various programmable ranges. Simply by using this 
module with a BUGbase, you could program BUG and toss it 
into your luggage before a flight to chart the data from each 
axis as it gets jostled around. Keep in mind the rechargeable 
battery life is currently three to four hours without AC power. 

BUGview is useful, for example, if you'd like to check out a 
terminal directly on your BUG, although the keyboard is diffi- 
cult to type on without tiny fingers, so we recommend using a 
Bluetooth keyboard via the BUGwifi or USB via BUGvonHippel. 

You also can program BUGview to act as one large button 
that can send data to other modules and change color as 
feedback that the button has been pressed. 

BUGlocate can be used to gather data about wherever 
your BUG is or stowed in your car to monitor your teenager's 
driving patterns (though that seems a bit Big Brother for us). 

BUGsound can play files saved on the SD card. Coupled 
with the accelerometer, it can make different noises when held 
in different positions. Search for the Phunky app on our apps 
page for more details. 

BUGwifi opens up many options, from connecting different 
devices via Bluetooth to sending messages to your Twitter 
account when motion is sensed. 

BUG3g GSM also will broaden the horizons of data trans- 
ferring capabilities. Data can be sent to or from your phone or 
other devices. Imagine your doctor writing you a prescription 
on a BUG and having the data immediately sent to your 
patient file and your pharmacist—with encryption of course! 


Figure 1. Instant root Access in the BUG’s Terminal (Photo Credit: 
Brian Ballantine) 


A lot of interesting apps come about due to networking 
capabilities. BUG comes with its own Web server and allows 
you to query each module's data by accessing the correspond- 
ing Web service. For example, you can connect your BUG to 


your network, put http://10.10.10.10/service/picture (default IP 
address of BUG) in your browser, and see a JPEG format picture 
taken with BUGcam2MP. BUG uses RESTful Web services 
and HTTP operations to manipulate the resources it provides. 
Making data available in this way is important as applications 
rely more and more on different devices communicating. 

In addition to using the existing Web services, you can 
implement your own Web service or Web front end using Java 
servlets. For example, we recently made a BUGbot—BUG with 
wheels attached. We created a Web page served from the 
BUGbot that could control the direction and speed of the 
device. We then used the BUGbot to drive around the office 
snapping pictures. The BUGbot was easy to make. We 
attached a motor shield to the BUGvonHippel module, 
hooked that up to some wheels, put a tripod on the wheels 
and a BUG on the tripod. With the Wi-Fi module (BUGwifi) 
attached, this BUGbot also can upload the captured images 
to Flickr or Twitter. 

Many familiar libraries have been ported to BUG, allowing 
for the type of functionality you'd expect on any Linux 
machine. For example, the popular open-source computer 
vision library OpenCV runs on BUG. OpenCV allows for 
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applications to gather and analyze data from images and video 
streams. With OpenCV, you can use BUG for blob detection 
and tracking for physical computing applications. OpenCV 
also enables BUG to do face, figure and motion detection 
for security applications. 

Our sysadmin at BUG got a SIP phone running on his BUG 
and wrote about the possibilities with IPv6 and BUG on our 
Community Blog: |IPv6 allows for host-to-host communication. 
Host-to-host can mean BUG-to-BUG, PC-to-BUG, BUG-to-PC, 
BUG-to-(other device), (other device)-to-BUG, BUG-to-(some 
Web service) and, of course, (some Web service)-to-BUG. 
Maybe more. The BUG SIP phone consists of a BUG and the 
BUGvonHippel module with a headset attached through the 
USB port on the BUGvonHippel. To have a BUG SIP phone, 
you'll need a SIP software client, a SIP provider and the 
open-source Asterisk PBX. With enough network bandwidth, 
the quality is clear with little to no lag time. 

While we're on the topic of data communication, R-OSGi 
was created by Jan Rellermeyer and Michael Duller, and it 
stands for Remote OSGi. This application allows servers to 
connect via remote access transparently. Bundles are able to 
move through the network as if they were a local service. This 
application is not only important to BUG, but to the Java 
community as well. A Bug Labs developer used R-OSGi to create 
a camera app that could bind to any camera on the local 
network dynamically. R-OSGi allows this to occur in a general 
way, so that any application’s dependencies can be provided 
transparently by another R-OSGi-speaking device. 

Music server is an application that uses BUGwifi and 
BUGsound. Music files are stored on the BUG's miniSD card and 
can be accessed via an IP address. You can point your phone or 
another computer to the BUG‘s IP address and choose a song to 
play from across the room or possibly (configured correctly), across 
the continent. Integrated audio/MP3 support doesn’t exist in 
phoneME, so it uses madplay, a command-line MP3 player. Songs 
can be played directly through the audio module connected to 
speakers or headphones—the audio module contains a line-in, 
line-out, mic and headphone jack. 

Another useful app that was created by a member of our 
community is the GPSAlarmClock. This app is programmed 
to make a sound when a destination is reached rather than 
a certain time. This uses the PositionHelper class with an 
OSGi service to help with its accuracy. The GPSAlarmClock 
can be helpful if you have a long train commute or road trip 
(provided you're not driving). 

Chris Wade, an active community member also known as 
cmw, ported Quake to his BUG. He hacked it together using 
QuakeSDL. The full instructions are available on his Web site 
(see Resources), but it’s as simple as downloading the binary 
and extracting it, then executing it. He recently added mx31 
support to QEMU, which allows us to run the BUG in a fully 
virtualized environment. Unfortunately, QuakeSDL doesn’t 
support joysticks, so Wade took matters into his own hands 
by hacking the guitar from Guitar Hero to run as a joystick 
for Quake. Rumor has it Ms PacMan is coming next. 

Bug has been learning a lot from the Open Source commu- 
nity, So we understand the importance of giving back to that 
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community. We give back in a few ways. We're active in the 
OpenEmbedded community, and our art director even created 
the new look for the OpenEmbedded Project. Our head of 
software is an Eclipse contributor, and many of our engineers 
participate in the Eclipse community. We expose and discuss all 
of our code (all available in our svn repository), projects and 
hacks openly in hope that someone else runs across answers 
to their questions. We open-source all the driver work we do, 
contribute code to the Concierge OSGi Project and submit 
defect reports for a number of open-source projects. We also 
have given back to various Linux project communities, such as 
the Linux wireless community Libertas. Many of our engineers 
can be found posting and responding to discussions about 
FOSS Java on ARM with topics on OpenJDK with Tarrent and 
the phoneME JVM in Jalimo. 

Another way Bug Labs gives back is through our Test 
Kitchen. This is a small electronics lab located at our 
office in New York, open to the public from 12pm—7pm, 
Monday-Friday. Folks are welcome to bring their own projects 
(whether it involves BUG or not), use the various microcon- 
trollers in the lab or just show up to play with a BUG. We also 
encourage groups like Make:NYC and other similar groups to 
use the Test Kitchen for their events. The purpose of an open 
space for hacking and tinkering is to promote collaboration 
and creativity, share thoughts and learn from each other. We 
ask that you schedule a time when planning to come in by 
sending e-mail to alicia@buglabs.net. 

If you have any further questions about BUG, we're on 
IRC daily at #buglabs on Freenode. Our dev team is ready to 
help, and our community members probably will chime in 
with their advice as well. Check back with us often; updates 
occur regularly.@ 


Bug Labs Team Member Alicia Gibb is a researcher and rapid prototyper. As Bug Lab’s 
Gadget Wrangler, she administers the Test Kitchen for exploring the innovations available 
with modular technology components. She recently took a UNIX class where the guy/girl 
ratio was 2:6. Back up. Reread. Girl Power! 


Resources 


“The BUG: a Linux-Based Hardware Mashup” by Mike Diehl, 
U, August 2008: www.linuxjournal.com/article/10125 


Bug Labs: buglabs.net 

BUG Community: community.buglabs.net 
BUGrepository: repo.buglabs.net 

BUG Wiki: buglabs.net/wiki 

Community Applications: buglabs.net/applications 


Quake on the BUG Base: bug.cmw.me 
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The Last Silos Standing 


Too many businesses still aren't getting the clues from open code. 


DOC SEARLS 


For the many years | wrote Linux for 
Suits and the SuitWatch newsletter, 

| always insisted that Linux and busi- 
ness were joined by and logic rather 
than or. 

| still believe that’s true. But, | also 
believe that many businesses—espe- 
cially the big ones—still don’t get 
Linux, free software, open source or 
even the Internet itself. That’s because 
they remain, in the immortal words of 
Walt Whitman, “demented with the 
mania of owning things”. 

Oddly, the things they want to 
own most are not things at all, but 
customers. These companies still har- 
bor the illusion that customers can be 
“acquired” like slaves and “managed” 
like cattle. The nicest ranches for 
customers are politely called “walled 
gardens”. | prefer an equally agricul- 
tural metaphor: silo. 

The definition of silo | like best is 
“a tall cylindrical structure, usually 
beside a barn, in which fodder is 
stored”. (That's from the Free 
Dictionary.) Fodder, in the case of 
business, is customer data. That data 
includes specifics, such as name, 
address, purchase history and call 
records. It also might include cus- 
tomers’ stated or inferred prefer- 
ences, status with the company 
(frequent flyer grades, for example) 
and other variables. 

The crowning irony of business 
silos is that they are built to maximize 
BI (Business Intelligence), yet they are 
blind to how they’re not working. 
This form of inward-gazing ignorance 
is familiar to techies who have 
watched many silos come down in 
the computing and networking fields. 
Mainframes, closed on-line services 
and proprietary e-mail systems all 
come to mind. The Internet and its 
open protocols killed all those things, 
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yet the lessons remain lost on every 
business that continues to believe 
that good “intelligence” about what 
customers actually want can be 
found inside the company’s customer 
data silo. 

For evidence | offer three exam- 
ples: call centers, loyalty cards and 
mobile phones. All three are shining 
examples of a form of architecture 
that has been discredited, if not 
defeated, by the successes of Linux, 
FOSS and the Internet. 

Look up “call center hell” in 
Google, and you'll get millions of 
results. (This morning, 8.65.) Two of 
the three top search results on Twitter 
are by people working in call centers. 
Most of these are “hold centers”, 
because putting callers on hold is 
what they do best. Conversation is 
not their forté. If you ever reach a 
human being at the end of a choice 
maze, you too often interact with 
a script rather than a human being. 
After an accident involving my rental 
car a couple years ago, the woman at 
the other end of the line reacted to 
my anger at her uncooperativeness 
by admitting that her options were 
limited, literally, by a script. There 
were only certain things she was 
allowed to say or hear. When the 
conversation stepped outside those 
lines—as it had to, since the accident 
was novel in several ways—both of us 
went nonlinear. The call crashed as 
badly as the four cars (including one 
cop car) involved in the pile-up. 

Loyalty cards are the silliest thing 
since Green Stamps. By the middle 
of the last century, nearly every store 
gave away green stamps, achieving 
zero differentiation from every other 
store and adding friction to the entire 
economy in the process. Today, instead 
of collecting stamps and sticking them 


nae me 


in books (to redeem later for a crappy 
grill or something), we collect cards 
that fatten our wallets without making 
us richer. Loyalty cards require retailers 
to maintain dual pricing for merchan- 
dise and add friction at the checkout 
counter, where too often the only 
benefit to the customer is a coupon 
for something they just bought. 
Worse, loyalty programs can’t tell 
when or why people don’t shop at a 
store. My family likes to shop at Trader 
Joe's, because that store avoids the 
hassles of both loyalty cards and 
coupons. There is nothing in other 
stores’ loyalty programs that welcomes 
hearing this useful information. 

Perhaps the worst business silos 
are the Siamese ones formed by cell- 
phone equipment makers and carriers. 
Although PCs—even closed ones with 
Apple and Microsoft operating sys- 
tems—are open to endless varieties of 
third-party applications, we see noth- 
ing of the sort from the cell-phone 
business, with the notable exception 
of the iPhone, which is (as | write this) 
enjoying its billionth application down- 
load. That download, of course, will 
come from exactly one source: Apple’s 
iTunes. One might consider this a step 
in the right direction—it's kind of like 
the one Windows 95 took by making 
it easy for countless developers to 
write applications that would run 
on even-more-countless PCs. The 
next step, however, has to come 
from outside the silos of both the 
equipment makers and the phone 
system carriers. More eyes make bugs 
shallower, as we Say. 

Time to debug some business silos.m 


Doc Searls is Senior Editor of Linux Journal. He is also a 
fellow with the Berkman Center for Internet and Society at 
Harvard University and the Center for Information Technology 
and Society at UC Santa Barbara. 
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